
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1559584
MD5: acccdf6ccc00ba4c7584a6feab78fd34
SHA1: 232870d56f0bc169ad98dcdcc1eaf3f597fe0c21
SHA256: 0be1956aa2b18128c09203dbc053178765e16cc2f95ed0471e6e7de1e701264c
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7464 cmdline: "C:\Users\user\Desktop\file.exe" MD5: ACCCDF6CCC00BA4C7584A6FEAB78FD34)
    • taskkill.exe (PID: 7480 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7580 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7648 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7708 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7772 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7828 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7864 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7880 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8116 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2212 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c855319-f837-426b-8ab4-f0b0b7a6bab5} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 1707216ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7612 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20230927232528 -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62e6612-366c-42fe-84de-5df465843634} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17004818810 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4480 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2504 -prefMapHandle 2516 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365afaa5-ae5a-4294-93d9-4bd644b6d0a1} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17003482110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7464 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: file.exe | ReversingLabs: Detection: 34%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.1% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0069DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A68EE FindFirstFileW,FindClose,0_2_006A68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_006A698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0069D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_006A979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_006A9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_006A5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 193MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006ACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_006ACE44
    Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
    Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2000905904.0000017003030000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2032319823.000001700B0BF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2081844995.000001700E155000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2037491125.000001700E155000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2076441291.00000170041B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2081844995.000001700E155000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2037491125.000001700E155000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2049428734.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906941040.000001700C2F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913595655.000001700C2F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2049428734.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906941040.000001700C2F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913595655.000001700C2F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB00A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB00A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB00A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2032319823.000001700B0BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2076441291.00000170041B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2081844995.000001700E155000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2076441291.0000017004187000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000D.00000003.2046126479.0000017005C56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1915578233.0000017003E98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2059613484.00000170066CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064024392.0000017003CF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CFB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080963493.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000D.00000003.2064735546.0000017003D0E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064024392.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000D.00000003.2051599033.0000017004CC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000D.00000003.2067159233.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2056192835.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041272309.000001707D98A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/common
    Source: firefox.exe, 0000000D.00000003.2056192835.000001707D961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067475692.000001707D961000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/dates-and-times
    Source: firefox.exe, 0000000D.00000003.2067159233.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2056192835.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041272309.000001707D98A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/math
    Source: firefox.exe, 0000000D.00000003.2056192835.000001707D961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067475692.000001707D961000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/regular-expressions
    Source: firefox.exe, 0000000D.00000003.2067159233.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2056192835.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041272309.000001707D98A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://exslt.org/sets
    Source: firefox.exe, 0000000D.00000003.1998366726.000001700C5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1990905499.000001700C5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921373401.000001700C5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1988595704.000001700C5A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925490258.000001700C5A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000D.00000003.2075034789.0000017004BD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1986940364.000001700ADA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2039334216.000001700AE9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2031295814.0000017003877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1869143291.00000170030F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2001617100.0000017003B35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003986189.0000017003B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046126479.0000017005C56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1993070539.0000017003851000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2025941364.0000017002FF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2031473372.00000170030CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902343983.000001700ADA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2075034789.0000017004BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046355597.0000017005C32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.000001700616C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2073513970.0000017005C56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2060632040.0000017004A8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000978599.0000017002FF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902257061.000001700ADB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2024543657.0000017003B3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2073609309.0000017005C32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046355597.0000017005C32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2073609309.0000017005C32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046355597.0000017005C32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2073609309.0000017005C32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: gmpopenh264.dll.tmp.13.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000D.00000003.2045240586.0000017006697000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2052390760.0000017004B43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2034606500.000001707EF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2065676930.000001707EF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2060218098.0000017004B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046410044.0000017004B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2059888505.0000017006697000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2060406217.0000017004B43000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000D.00000003.2060218098.0000017004B80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2046410044.0000017004B80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: firefox.exe, 0000000D.00000003.2052390760.0000017004B43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2060406217.0000017004B43000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulzw
    Source: firefox.exe, 00000010.00000003.1903411219.0000015FEBD3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.1904204687.0000015FEBD3D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3065182765.0000015FEBD3D000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.13.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2E3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000D.00000003.2077597343.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2061549597.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000D.00000003.2068555828.000001700E68B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2038821953.000001700AF53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: file.exe, 00000000.00000002.1885598601.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914463987.000001700AECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2006716129.0000017003BEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1929677049.0000017003BEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1938853920.0000017004D16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2004848795.0000017004D16000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000D.00000003.1914463987.000001700AECD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdPV
    Source: firefox.exe, 0000000D.00000003.2034606500.000001707EF9F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000D.00000003.2076441291.0000017004187000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000D.00000003.1911412886.0000017003E71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.2056753590.000001700E757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2036079625.000001707EF32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972492027.0000017002F88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972492027.0000017002F8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.2028242073.0000017003A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972492027.0000017002F8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972492027.0000017002F88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083425416.000001700AFCD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.2070530917.000001700C1E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E2B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.2071683366.000001700616C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.0000017006180000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000905904.0000017003030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
    Source: firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000D.00000003.2031295814.0000017003877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926235732.0000017003A82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1992248696.0000017003A44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1904206934.000001700ADA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069739153.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082602733.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1918066733.000001700C5F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1916761070.000001700C5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.2074392712.0000017004CD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2039685887.0000017004CD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051599033.0000017004CD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.2035965066.000001707EF42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067065474.000001707E20A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069739153.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082602733.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.2083923410.0000017005E08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB02F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000D.00000003.2058409942.000001700AF53000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000D.00000003.1902343983.000001700ADA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1986940364.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1977987647.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904206934.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000D.00000003.1902343983.000001700ADA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1986940364.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1977987647.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1904206934.000001700AD9F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.2038100768.000001700BD11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000D.00000003.2040056789.0000017003DF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2063655995.0000017003DF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080963493.0000017003DF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000905904.0000017003030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000D.00000003.2040387463.0000017003D23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064735546.0000017003D23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.13.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069739153.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082602733.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CF6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000D.00000003.2068555828.000001700E68B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/3acee2f6-27df-4597-90d2-c9498
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C29E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913655356.000001700C299000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C29E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042193789.000001700C29E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000D.00000003.2077597343.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2061549597.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000D.00000003.2077597343.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2061549597.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000905904.0000017003030000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000010.00000002.3060015276.0000015FEB086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1929677049.0000017003B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mochitest.youtube.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000D.00000003.1929677049.0000017003B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/page/
    Source: firefox.exe, 0000000D.00000003.1929677049.0000017003B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.hbomax.com/player/
    Source: firefox.exe, 0000000D.00000003.1864186474.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865536548.0000017001C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1865179231.0000017001C1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000D.00000003.2056192835.000001707D943000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000D.00000003.2040056789.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080963493.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000D.00000003.2031295814.0000017003877000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000D.00000003.2063655995.0000017003D6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080963493.0000017003D6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040056789.0000017003D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000D.00000003.2079045386.0000017003EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000D.00000003.1914463987.000001700AE40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000D.00000003.2038821953.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058409942.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069739153.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082602733.000001700C850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 00000014.00000002.3060402580.000001E5B9CF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/userZ
    Source: firefox.exe, 0000000D.00000003.2064024392.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000D.00000003.2064024392.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2076441291.0000017004187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000D.00000003.2036188927.000001707E269000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.2064024392.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911412886.0000017003E3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080715957.0000017003E44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1915578233.0000017003E3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.2069795917.000001700C29E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040056789.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C29E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042193789.000001700C29E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2080963493.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.2048939218.000001700E745000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
    Source: firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000D.00000003.2042746490.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2050862562.000001700AF37000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2058806217.000001700AF37000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000D.00000003.1983387761.0000017005BBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000D.00000003.2046126479.0000017005C56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2073419836.0000017005C65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000D.00000003.2048939218.000001700E745000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.2034606500.000001707EF9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055028848.000001707EF16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044203264.000001700ACA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926235732.0000017003A82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1992248696.0000017003A44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906941040.000001700C2F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913595655.000001700C2F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069795917.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2049428734.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906941040.000001700C2F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913595655.000001700C2F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069795917.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.2049428734.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906941040.000001700C2F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913595655.000001700C2F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2069795917.000001700C2F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006AED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0069AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006C9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000000.1800574069.00000000006F2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_bca7b30b-a)
    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_7cc91f4d-b)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB142377 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB71A872 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069D5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0063BF40
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00638060
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A2046
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00698298
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066E4FF
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066676B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C4873
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0063CAF0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065CAA0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064CC39
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00666DD9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064D07D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064B119
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006391C0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00651394
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00651706
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065781B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064997D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00637920
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006519B0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00657A4A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00651C77
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00657CA7
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006BBE44
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00669EEE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00651F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB142377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB71A872
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB71A8B2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB71AF9C
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 0064F9F2 appears 31 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 00650A30 appears 46 times
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal72.troj.evad.winEXE@34/36@65/12
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A37B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006910BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7716:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7656:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7488:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: file.exe ReversingLabs: Detection: 34%
    Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2212 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c855319-f837-426b-8ab4-f0b0b7a6bab5} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 1707216ef10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20230927232528 -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62e6612-366c-42fe-84de-5df465843634} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17004818810 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2504 -prefMapHandle 2516 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365afaa5-ae5a-4294-93d9-4bd644b6d0a1} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17003482110 utility
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2212 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c855319-f837-426b-8ab4-f0b0b7a6bab5} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 1707216ef10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20230927232528 -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62e6612-366c-42fe-84de-5df465843634} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17004818810 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2504 -prefMapHandle 2516 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365afaa5-ae5a-4294-93d9-4bd644b6d0a1} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17003482110 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: gmpopenh264.dll.tmp.13.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00650A76 push ecx; ret 0_2_00650A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95419
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB142377 rdtsc
    Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A68EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A5C97 FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: firefox.exe, 0000000F.00000002.3064725195.00000189B1340000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
    Source: firefox.exe, 00000010.00000002.3063565611.0000015FEB5C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW|
    Source: firefox.exe, 0000000F.00000002.3064725195.00000189B1340000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
    Source: firefox.exe, 0000000F.00000002.3064725195.00000189B1340000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
    Source: firefox.exe, 00000010.00000002.3063565611.0000015FEB5D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
    Source: firefox.exe, 0000000F.00000002.3059244040.00000189B0A4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3064725195.00000189B1340000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3057070113.000001E5B98AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3062930226.000001E5B9D00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.3063923171.00000189B0F16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 0000000F.00000002.3064725195.00000189B1340000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWO:
    Source: firefox.exe, 00000010.00000002.3057933153.0000015FEAE8A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0d\
    Source: firefox.exe, 00000010.00000002.3063565611.0000015FEB5D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
    Source: firefox.exe, 0000000F.00000002.3059244040.00000189B0A4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3063565611.0000015FEB5D1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015FEB142377 rdtsc
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006AEAA2 BlockInput
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00654CE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00662622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0065083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006509D5 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00650C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00691201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00672BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069B226 SendInput,keybd_event
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006B22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00690B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00690B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00691663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00691663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00650698 cpuid 0_2_00650698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_006A8195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D27A GetUserNameW,0_2_0068D27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0066BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0066BB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006342DE
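The five process-creation rows above show file.exe force-terminating every common browser (taskkill /F /IM ... /T for firefox, chrome, msedge, opera and brave) within the same run. A single taskkill of one browser is routine for installers and updaters; one parent sweeping through several browsers within seconds is the behaviour to alert on. The detector below is an added example written for this page, not part of the Joe Sandbox output and not code recovered from the sample. It runs over constructed process-creation records loosely modelled on Sysmon Event ID 1 fields; the record layout, timestamps and PIDs are assumptions made for the example.

```python
"""Detect a parent process that force-kills several browsers in quick succession.

Added example for this report; not part of the Joe Sandbox output and not code
from the sample. The report shows file.exe spawning
`taskkill /F /IM <browser>.exe /T` for firefox, chrome, msedge, opera and brave.
The log lines below are constructed, loosely modelled on Sysmon Event ID 1
fields; the field layout, timestamps and PIDs are assumptions for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Browser image names a browser-killing stage typically terminates.
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}

# Matches `taskkill [...] /IM <image>` regardless of switch order or path prefix.
TASKKILL_RE = re.compile(r"(?:^|\\)taskkill(?:\.exe)?\b.*?/IM\s+(?P<image>\S+)",
                         re.IGNORECASE)

# Constructed records: timestamp, parent PID, parent image, child image, command line.
SAMPLE_LOG = """\
2024-11-20T10:00:01Z\t7464\tC:\\Users\\user\\Desktop\\file.exe\tC:\\Windows\\SysWOW64\\taskkill.exe\ttaskkill /F /IM firefox.exe /T
2024-11-20T10:00:01Z\t7464\tC:\\Users\\user\\Desktop\\file.exe\tC:\\Windows\\SysWOW64\\taskkill.exe\ttaskkill /F /IM chrome.exe /T
2024-11-20T10:00:02Z\t7464\tC:\\Users\\user\\Desktop\\file.exe\tC:\\Windows\\SysWOW64\\taskkill.exe\ttaskkill /F /IM msedge.exe /T
2024-11-20T10:00:02Z\t7464\tC:\\Users\\user\\Desktop\\file.exe\tC:\\Windows\\SysWOW64\\taskkill.exe\ttaskkill /F /IM opera.exe /T
2024-11-20T10:00:02Z\t7464\tC:\\Users\\user\\Desktop\\file.exe\tC:\\Windows\\SysWOW64\\taskkill.exe\ttaskkill /F /IM brave.exe /T
2024-11-20T10:05:00Z\t512\tC:\\Windows\\explorer.exe\tC:\\Windows\\System32\\taskkill.exe\ttaskkill /IM notepad.exe
2024-11-20T11:00:00Z\t900\tC:\\Program Files\\Updater\\update.exe\tC:\\Windows\\System32\\taskkill.exe\ttaskkill /F /IM chrome.exe
"""


def parse_events(text):
    """Turn tab-separated records into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ppid, parent, child, cmdline = line.split("\t")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ppid": int(ppid),
            "parent": parent,
            "child": child,
            "cmdline": cmdline,
        })
    return events


def killed_browser(cmdline):
    """Return the browser image a taskkill command line targets, else None."""
    m = TASKKILL_RE.search(cmdline)
    if not m:
        return None
    image = m.group("image").lower()
    return image if image in BROWSERS else None


def find_browser_flush(events, window=timedelta(seconds=30), min_browsers=2):
    """Alert once per parent that kills >= min_browsers distinct browsers inside `window`.

    A single `taskkill /IM chrome.exe` from an updater is normal; the same parent
    sweeping through several browsers within seconds is not.
    """
    kills_by_parent = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        image = killed_browser(ev["cmdline"])
        if image:
            kills_by_parent[(ev["ppid"], ev["parent"])].append((ev["ts"], image))

    alerts = []
    for (ppid, parent), kills in kills_by_parent.items():
        for i, (start, _) in enumerate(kills):
            # Distinct browsers killed in the window that opens at this event.
            in_window = {img for ts, img in kills[i:] if ts - start <= window}
            if len(in_window) >= min_browsers:
                alerts.append({"ppid": ppid, "parent": parent,
                               "first_seen": start, "browsers": sorted(in_window)})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_browser_flush(parse_events(SAMPLE_LOG)):
        print(f"[ALERT] {alert['parent']} (pid {alert['ppid']}) killed "
              f"{', '.join(alert['browsers'])} starting {alert['first_seen']:%H:%M:%S}")
```

The threshold of two distinct browsers inside a 30-second window is a tuning choice: it lets the lone chrome.exe kill from the constructed updater record pass while the five-browser sweep from the constructed file.exe parent is flagged. In a real pipeline the parent-process filter would be replaced by whatever parent fields the telemetry source exposes.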

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: file.exe PID: 7464, type: MEMORYSTR
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8

Remote Access Functionality

Source: Yara match | File source: Process Memory Space: file.exe PID: 7464, type: MEMORYSTR
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_006B1204
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006B1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_006B1806
MITRE ATT&CK matrix (techniques with at least one matching signature, grouped by tactic; the number in parentheses is the count of matched signatures):

Initial Access: Valid Accounts (2)
Execution: Windows Management Instrumentation (1); Native API (1)
Persistence: DLL Side-Loading (1); Valid Accounts (2)
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2)
Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
Credential Access: Input Capture (21)
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1)
Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3)
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3)
Impact: System Shutdown/Reboot (1)
Reconnaissance, Resource Development, Lateral Movement, Exfiltration: no matching signatures
Behavior Graph: ID 1559584, sample file.exe, start date 20/11/2024, architecture WINDOWS, score 72

Top-level signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures
Top-level network: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains

Process tree (numbers after a process name are the graph's per-process counters, reproduced as shown):
file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection)
    taskkill.exe 1 -> conhost.exe
    taskkill.exe 1 -> conhost.exe
    taskkill.exe 1 -> conhost.exe
    3 other processes -> conhost.exe, conhost.exe
firefox.exe 1
    firefox.exe 3 227
        network: youtube.com 142.250.181.78 (443, 49738, 49739; GOOGLEUS, United States); prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 (49740, 49746, 49750; GOOGLEUS, United States); 10 other IPs or domains
        dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+); C:\Users\user\...\gmpopenh264.dll (copy) (PE32+)
        firefox.exe 1
        firefox.exe 1
        firefox.exe 1

Source | Detection | Scanner | Label
file.exe | 34% | ReversingLabs | Win32.Trojan.AutoitInject
file.exe | 100% | Joe Sandbox ML | -

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | -

No Antivirus matches in the remaining three detection tables
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | - | high
star-mini.c10r.facebook.com | 157.240.195.35 | true | false | - | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | - | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | - | high
twitter.com | 104.244.42.1 | true | false | - | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | - | high
services.addons.mozilla.org | 151.101.1.91 | true | false | - | high
dyna.wikimedia.org | 185.15.58.224 | true | false | - | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | - | high
contile.services.mozilla.com | 34.117.188.166 | true | false | - | high
youtube.com | 142.250.181.78 | true | false | - | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | - | high
youtube-ui.l.google.com | 142.250.181.46 | true | false | - | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | - | high
reddit.map.fastly.net | 151.101.65.140 | true | false | - | high
ipv4only.arpa | 192.0.0.170 | true | false | - | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | - | high
push.services.mozilla.com | 34.107.243.93 | true | false | - | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | - | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | - | high
www.reddit.com | unknown | unknown | false | - | high
spocs.getpocket.com | unknown | unknown | false | - | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | - | high
support.mozilla.org | unknown | unknown | false | - | high
firefox.settings.services.mozilla.com | unknown | unknown | false | - | high
www.youtube.com | unknown | unknown | false | - | high
www.facebook.com | unknown | unknown | false | - | high
detectportal.firefox.com | unknown | unknown | false | - | high
normandy.cdn.mozilla.net | unknown | unknown | false | - | high
shavar.services.mozilla.com | unknown | unknown | false | - | high
www.wikipedia.org | unknown | unknown | false | - | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2044378240.000001700AC35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.2071683366.000001700616C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.0000017006180000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000905904.0000017003030000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
http://www.mozilla.com0
    Source: gmpopenh264.dll.tmp.13.dr | Malicious: false | Reputation: high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | Malicious: false | Reputation: high
https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.3060015276.0000015FEB086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C8F000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://www.leboncoin.fr/
    Source: firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.1914463987.000001700AE40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000D.00000003.2076441291.0000017004187000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.2068496352.000001700E6AF000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1926235732.0000017003A82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1992248696.0000017003A44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://profiler.firefox.com/
    Source: firefox.exe, 0000000D.00000003.2056192835.000001707D943000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.2077597343.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2061549597.0000017003FB2000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.1862168546.000001700245A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861242769.0000017002200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861859493.000001700243C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861525839.000001700241F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1862380797.0000017002477000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
http://exslt.org/sets
    Source: firefox.exe, 0000000D.00000003.2067159233.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2056192835.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041272309.000001707D98A000.00000004.00000800.00020000.00000000.sdmp | Malicious: false | Reputation: high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmp | Malicious: false | Reputation: high
                                                                                                                          https://youtube.com/firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000D.00000003.2070530917.000001700C1E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                high
                                                                                                                                https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.instagram.com/firefox.exe, 0000000D.00000003.1929677049.0000017003B38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://api.accounts.firefox.com/v1firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://exslt.org/commonfirefox.exe, 0000000D.00000003.2067159233.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2056192835.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2041272309.000001707D98A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://ok.ru/firefox.exe, 0000000D.00000003.2075295726.0000017004868000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.amazon.com/firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2042561118.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2082850536.000001700C287000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://fpn.firefox.comfirefox.exe, 0000000D.00000003.2035965066.000001707EF42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067065474.000001707E20A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://exslt.org/dates-and-timesfirefox.exe, 0000000D.00000003.2056192835.000001707D961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2067475692.000001707D961000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048050257.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2048441222.000001707D9AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2055986382.000001707D9B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3061242214.00000189B0EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3063132771.000001E5B9E03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.youtube.com/firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2035705829.000001707EF59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB00A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000D.00000003.1971804620.0000017002FA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972672037.0000017002FBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.bbc.co.uk/firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000D.00000003.1914283323.000001700AF7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2071683366.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2083735092.00000170061AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2078623267.0000017003F52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB0C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9CC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://127.0.0.1:firefox.exe, 0000000D.00000003.2075295726.0000017004839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1973570653.0000017003053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1972492027.0000017002F8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.2031295814.0000017003877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://bugzilla.mofirefox.exe, 0000000D.00000003.2068645313.000001700E66A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2036079625.000001707EF32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://amazon.comfirefox.exe, 0000000D.00000003.2048199990.000001707EF15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000D.00000003.2064024392.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2064878694.0000017003CC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2040769550.0000017003CC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.2063655995.0000017003DBE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.2055096676.000001707E229000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://spocs.getpocket.com/firefox.exe, 0000000D.00000003.2079045386.0000017003EEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1913168162.000001700C83C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3060015276.0000015FEB012000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3060402580.000001E5B9C13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1907336748.000001700C263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2070372832.000001700C28F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.2072151109.0000017005ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2051307416.0000017005E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2045487725.0000017005E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.3060062757.00000189B0B70000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3063829783.0000015FEB6C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3059793421.000001E5B9A90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
142.250.181.78 | youtube.com | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
                                                                                                                                                                                                                                                                          34.120.208.123
                                                                                                                                                                                                                                                                          telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                          15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559584
Start date and time: 2024-11-20 17:40:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/36@65/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 314
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.12.64.98, 35.80.238.59, 35.164.125.63, 172.217.17.74, 142.250.181.138, 172.217.17.78, 88.221.134.155, 88.221.134.209
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
11:41:29 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                      twitter.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                      star-mini.c10r.facebook.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      • 34.36.213.229
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| fb0aa01abe9d8e4037eb3473ca6e2dca | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
| | file.exe | malicious | Credential Flusher | |
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.176843843742813
Encrypted: false
SSDEEP: 192:ojMXAi9cbhbVbTbfbRbObtbyEl7nwrJJA6WnSrDtTUd/SkDrj:oYhcNhnzFSJQrkBnSrDhUd/R
MD5: 40DFA885FB060731E9C9E083332C7A14
SHA1: C181ED9220F98EFA13617AC1FB57B570C725E63F
SHA-256: FB00B1826C1B402349535F851311574C22123503EDFED1B468348DC25661AA81
SHA-512: CCFDC3181FE9E286DA44B6DA369C1D247BD9F52618CD4C49BED80834A3EA6B9EB0E017801DAB400032724A72339FBEC3A6E4647CE01B386B417B437A3245F3B3
Malicious: false
Preview: {"type":"uninstall","id":"783d9b81-f99d-4338-b2f2-ca75139fb29e","creationDate":"2024-11-20T18:40:52.981Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false
Preview: PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 3621
Entropy (8bit): 4.927959206165103
Encrypted: false
SSDEEP: 48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNB9u:8S+OfJQPUFpOdwNIOdYVjvYcXaNLuB8P
MD5: 56AFA1BA2578F6BBE4BE3B847C5DC4D9
SHA1: F64420ECCE13D5CF22D0230ACAFFEE0EF966728F
SHA-256: E03427466F00C825B28712516FB78439E93B1EBBD50644481E2A7C01664F6904
SHA-512: 30AB1D2CB396108A91344CDA74B244E60E8754D9D0E3C081DC4F46C4487F9ADBCB4B52318E345833F5E329DF53F13AE7224F8B0E8957CFF58F547780562B5E74
Malicious: false
Preview: {"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Mozilla lz4 compressed data, originally 23432 bytes
Category: dropped
Size (bytes): 5312
Entropy (8bit): 6.615424734763731
Encrypted: false
SSDEEP: 96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5: 1B9C8056D3619CE5A8C59B0C09873F17
SHA1: 1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256: A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512: B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious: false
Preview: mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 24
Entropy (8bit): 3.91829583405449
Encrypted: false
SSDEEP: 3:YWGifTJE6iHQ:YWGif9EE
MD5: 3088F0272D29FAA42ED452C5E8120B08
SHA1: C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256: D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512: B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious: false
Preview: {"schema":6,"addons":[]}
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
Category: dropped
Size (bytes): 262144
Entropy (8bit): 0.04905391753567332
Encrypted: false
SSDEEP: 24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
MD5: DD9D28E87ED57D16E65B14501B4E54D1
SHA1: 793839B47326441BE2D1336BA9A61C9B948C578D
SHA-256: BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
SHA-512: A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
Malicious: false
Preview: SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185924656884556
Encrypted:false
SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
MD5:5656BA69BD2966108A461AAE35F60226
SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07319596011987578
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiy:DLhesh7Owd4+jiy
MD5:D65C6921DBBE3D6F7FA2D94DD9EBEC5F
SHA1:E666B43A73EE845A9C40D2546E0F46634EA42A06
SHA-256:DA7C26AAC1A1A44D4F0C6486257BBA780EA426EF8F633B9DADAF13DB7D8E7E83
SHA-512:043AB043E52319F29AC8EE1C0BF988F57668DB4CD729C13102B17A34E5270B7DFA09B690F5790476AE7B91D16ADC63DDC8225F4C26C8DC107EF216D82297C832
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035699946889726504
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:GtlstF+GlZ0C4+ao/ltlstF+GlZ0C4+C/lL89//alEl:GtWt8GlZW+aoltWt8GlZW+C/x89XuM
                                                                                                                                                                                                                                                                                                                                                          MD5:A8D8CDF27C530465A2F67243EBA517DA
                                                                                                                                                                                                                                                                                                                                                          SHA1:4342FB0664EFEFD3FDAC403623187FC66080D96F
                                                                                                                                                                                                                                                                                                                                                          SHA-256:1F23ED11C0A677B9FAE45B87245FE22AD12FCD829FF3AA6A5CA4A25C0CCA37C5
                                                                                                                                                                                                                                                                                                                                                          SHA-512:1587DDDB1F2387FBC56EEB8938DEBDEC8DB9EDD72D10E049BCE75DB2050B9DDC62BBE6327822E5A01346961AF61E587557A214244D69F1D76D4857DB16E87486
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:..-.......................lH..4&.{N.`..R..sp+...-.......................lH..4&.{N.`..R..sp+.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04001911727921433
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Ol1cBbu4lfZv25dd/ll8rEXsxdwhml8XW3R2:K604Lv25H/ll8dMhm93w
                                                                                                                                                                                                                                                                                                                                                          MD5:DD7528E5BB0983A29A2C6F33A88BA8F3
                                                                                                                                                                                                                                                                                                                                                          SHA1:D08B6330E82DA144E1C6D4BE0F7FFED18B7DD381
                                                                                                                                                                                                                                                                                                                                                          SHA-256:2A972F7271E8AE7B5851DD5BA0BB03429741317C05D68DEAD428D34E2486C236
                                                                                                                                                                                                                                                                                                                                                          SHA-512:29436C28B46BE1A1EACD3A56350122331F2C1DBDE8E0AC2D144E7856E1A16422700B11C055D0A61F7A3E61032798166FBD41CB8858F71EA5E0FE06C60BF7BB68
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:7....-...........{N.`..R..~.I...........{N.`..RHl..&4..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.492533728837749
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:01naRtLYbBp6mhj4qyaaXB6KtnNG85RfGNBw8dpSl:vesqHuNLcw60
                                                                                                                                                                                                                                                                                                                                                          MD5:B97CA1F5518646923FE352660E8A7A22
                                                                                                                                                                                                                                                                                                                                                          SHA1:E12C2E1CF845262383D7185DDD9DD05690C9BD6D
                                                                                                                                                                                                                                                                                                                                                          SHA-256:E42C462D1B5D749F1F9062E811E80295C80B0E0481D98D925113AFA9FDD495E2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:1A99A6C46F6AD3E0587022A84C5FCAC99D91050E2A2633EB3F0D227B30DCEC59179589407CC813CCA0875C1BC481E2FFC09ACE568101A0BCC0D5EF01AC16E3EA
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732128023);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732128023);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732128023);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173212
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.492533728837749
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:01naRtLYbBp6mhj4qyaaXB6KtnNG85RfGNBw8dpSl:vesqHuNLcw60
                                                                                                                                                                                                                                                                                                                                                          MD5:B97CA1F5518646923FE352660E8A7A22
                                                                                                                                                                                                                                                                                                                                                          SHA1:E12C2E1CF845262383D7185DDD9DD05690C9BD6D
                                                                                                                                                                                                                                                                                                                                                          SHA-256:E42C462D1B5D749F1F9062E811E80295C80B0E0481D98D925113AFA9FDD495E2
                                                                                                                                                                                                                                                                                                                                                          SHA-512:1A99A6C46F6AD3E0587022A84C5FCAC99D91050E2A2633EB3F0D227B30DCEC59179589407CC813CCA0875C1BC481E2FFC09ACE568101A0BCC0D5EF01AC16E3EA
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732128023);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732128023);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732128023);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173212
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                                                                                                          MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                                                                                                          SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                                                                                                          SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                                                                                                          SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5862 bytes
Category:dropped
Size (bytes):1601
Entropy (8bit):6.356411347532022
Encrypted:false
SSDEEP:24:vkSUGlcAxSM0LXnIghX/pnxQwRlsQZspHytnGH3j6xiMxtdL/5QH2oXpTurfNge4:cpOxB0znRfZYSkGxHx5kpTWNR4
MD5:CA81DB84776916E34815439C20F8FC10
SHA1:85BC4DE5027A2D8ABD34C432ED39DCE78B27B705
SHA-256:843A43E3A983D408639595F9EF30BDE5BC88B6A41383C443579EB5EF8C85FB77
SHA-512:2E4EC97870A2E89666212B2DCD5E321826304912B2EEB27459AC1BB4D878799293320DB1A4101565EB1CDC433E55D60127E5270F60DE39AD8EE6520DE8684787
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{22562fbe-5590-4add-addc-e8c6dc83a64f}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732128042835,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758..Pdth":....,"height":1024,"screenX......Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zE..1...Wn..m........k..;....1":{..jUpdate...6,"startTim..a799291...centCrash..B0},".....Dcook.. hod..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,a.Donly..fexpiry...04127,"originA..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.032705395117025
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYi6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yciyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                          MD5:5FFDC9B221019CEF12E45DB99B00B0F6
                                                                                                                                                                                                                                                                                                                                                          SHA1:4277C09356378A15B025303C106A9D48695ACC04
                                                                                                                                                                                                                                                                                                                                                          SHA-256:68689C9BFB56C4E4252A43DB58F6BCD4B7111A5AC982AD65407B3FAB43630917
                                                                                                                                                                                                                                                                                                                                                          SHA-512:490DBDE7033F7F8324663AA32C0735EF700AEEFF139E92F36DB74A2743A0B63B040CD0627C2E8E2C7EDB22F65F7B2446368540982338CD9DFA7B2AE179EDC89E
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T18:40:12.270Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.032705395117025
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YrSAYi6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:yciyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                                                                                                                          MD5:5FFDC9B221019CEF12E45DB99B00B0F6
                                                                                                                                                                                                                                                                                                                                                          SHA1:4277C09356378A15B025303C106A9D48695ACC04
                                                                                                                                                                                                                                                                                                                                                          SHA-256:68689C9BFB56C4E4252A43DB58F6BCD4B7111A5AC982AD65407B3FAB43630917
                                                                                                                                                                                                                                                                                                                                                          SHA-512:490DBDE7033F7F8324663AA32C0735EF700AEEFF139E92F36DB74A2743A0B63B040CD0627C2E8E2C7EDB22F65F7B2446368540982338CD9DFA7B2AE179EDC89E
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T18:40:12.270Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):156
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                                                                                                                          MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                                                                                                                          SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                                                                                                                          SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                                                                                                                          SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                          Size (bytes):156
                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                                                                                                                          MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                                                                                                                          SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                                                                                                                          SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                                                                                                                          SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                          Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
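The dropped-file records above give each file's size, 8-bit entropy and hashes, and the static section that follows lists the sample's PE header fields (entrypoint, image base, subsystem, file and DLL characteristics, compile timestamp, OS version). The Python below is an added example, not part of the Joe Sandbox report or its tooling. It recomputes the report's entropy and hashes for the 156-byte xulstore.json whose complete content appears in the Preview field, and decodes the same PE32 header fields from a minimal header constructed here with the values the report lists for file.exe (the sample's own bytes are not reproduced; only the standard COFF and optional-header layout is). Two details are assumptions rather than facts from the report: the 7.5 bits-per-byte threshold used to flag packed or encrypted content, and that the report prints the entrypoint as a virtual address (image base plus the header's RVA), which is why the decoder adds the two.

```python
# Added triage example: recompute a dropped file's entropy/hashes and decode
# the PE32 header fields a sandbox report lists for the submitted sample.
import hashlib
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0), the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_record(data: bytes) -> dict:
    """Size, entropy and hashes in the form the report prints them (upper-case hex)."""
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": entropy,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        # Assumed triage threshold: packed/encrypted data sits near 8.0, text near 4 to 5.
        "high_entropy": entropy > 7.5,
    }


# Complete content of the 156-byte xulstore.json, copied from the report's Preview field.
XULSTORE_JSON = (
    b'{"chrome://browser/content/browser.xhtml":{"sidebar-box":'
    b'{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},'
    b'"main-window":{"sizemode":"normal"}}}'
)

# Flag names as the report prints them (subset of the PE specification's constants).
IMAGE_FILE_FLAGS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                    0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHAR_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY", 0x0100: "NX_COMPAT",
                  0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
SUBSYSTEMS = {2: "windows gui", 3: "windows cui"}


def parse_pe32(data: bytes) -> dict:
    """Decode the COFF and optional-header fields shown in the report's static section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%X)" % magic)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (imagebase,) = struct.unpack_from("<I", data, opt + 28)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)

    def names(value: int, table: dict) -> list:
        return [name for bit, name in sorted(table.items()) if value & bit]

    return {
        # Assumption: the report prints the entrypoint as a virtual address (image base + RVA).
        "entrypoint": imagebase + entry_rva,
        "imagebase": imagebase,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": names(chars, IMAGE_FILE_FLAGS),
        "dll_characteristics": names(dllchars, DLL_CHAR_FLAGS),
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": (os_major, os_minor),
        # Without NX_COMPAT the image does not opt in to DEP, even though DYNAMIC_BASE (ASLR) is set.
        "dep_opt_in": bool(dllchars & 0x0100),
    }


def build_header_like_report() -> bytes:
    """Constructed minimal PE32 header (not the sample's bytes) carrying the values the
    report lists for file.exe, so parse_pe32 can be exercised offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0x673E0EA6, 0, 0, 224,
                       0x0002 | 0x0020 | 0x0100)  # EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE|32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x20577)              # AddressOfEntryPoint RVA, VA 0x420577
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)                # OS version 5.1
    struct.pack_into("<HH", opt, 68, 2, 0x0040 | 0x8000)  # GUI; DYNAMIC_BASE|TERMINAL_SERVER_AWARE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print(file_record(XULSTORE_JSON))
    print(parse_pe32(build_header_like_report()))
```

Running it reproduces the xulstore.json record exactly (size 156, entropy 4.411137816108237, MD5 AAC5F6FC2FA4A5691A244B46164834FD), which is a quick way to confirm that a preview shown in a report is the whole file rather than a prefix. For the PE header, the decoder turns the raw TimeDateStamp 0x673E0EA6 into Wed Nov 20 16:30:30 2024 UTC, a few hours before the analysis ran, and its flag lists match the report's Image File Characteristics and DLL Characteristics; the absence of NX_COMPAT from that list is worth noting when assessing the sample's exploit-mitigation posture.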
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.592499577853917
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:922'624 bytes
MD5:acccdf6ccc00ba4c7584a6feab78fd34
SHA1:232870d56f0bc169ad98dcdcc1eaf3f597fe0c21
SHA256:0be1956aa2b18128c09203dbc053178765e16cc2f95ed0471e6e7de1e701264c
SHA512:474cc8c58ba7f6643aaca6c3bd1fd7fadfab1738a2a244aab386eb89b8fc22db19c54d25d54f424f0e3a5381e3c3f4f88d25498ebeb77eb6250f2d3a1699c859
SSDEEP:12288:2qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgakTW:2qDEvCTbMWu7rQYlBQcBiT6rprG8aEW
TLSH:91159E0273D1C062FFAB92334B5AF6515BBC69260123E62F13981D79BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x673E0EA6 [Wed Nov 20 16:30:30 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
                                                                                                                                                                                                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007F4ED9868583h
jmp 00007F4ED9867E8Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F4ED986806Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F4ED986803Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F4ED986AC2Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F4ED986AC78h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F4ED986AC61h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
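The header fields above (image base, subsystem, DLL characteristics, link-time stamp, signature status) and the data-directory table that follows are read straight out of IMAGE_NT_HEADERS. The parser below is an added example, not part of the Joe Sandbox report or its tooling: it uses only the Python standard library to reproduce those fields from a constructed PE32 image that carries this sample's header values (the .text and .rdata section sizes are assumed, since the section table is not listed on this page), maps each data directory to its section, and flags the mitigation bits that are absent: NX_COMPAT and GUARD_CF are not set, and the SECURITY directory is empty, consistent with Digitally signed: false.

```python
"""Stdlib-only PE32 header parser that reproduces the fields shown in this report
(image base, subsystem, DLL characteristics, link time, data directories mapped to
sections) and flags missing hardening bits. Added example, not Joe Sandbox code.
The input is a CONSTRUCTED minimal PE image: header values are copied from the
report, the .text/.rdata section sizes are assumed."""
import datetime
import struct

DLL_CHARACTERISTICS = {  # IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE"}
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
                   "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
                   "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]

def build_sample_pe():
    """Constructed PE32 image with this sample's header values (section layout assumed)."""
    sections = [(b".text", 0x1000, 0x9f000), (b".rdata", 0xa0000, 0x34000),
                (b".rsrc", 0xd4000, 0xa83c), (b".reloc", 0xdf000, 0x7594)]
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2] = (0xc8e64, 0x17c), (0xd4000, 0xa83c)   # IMPORT, RESOURCE
    dirs[5], dirs[6] = (0xdf000, 0x7594), (0xb0ff0, 0x1c)    # BASERELOC, DEBUG
    pe_off = 0x80
    dos = (b"MZ" + b"\0" * 0x3a + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    # IMAGE_FILE_HEADER: i386, 4 sections, TimeDateStamp, symbol ptr/count, optional header
    # size, Characteristics = EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | 32BIT_MACHINE
    file_hdr = struct.pack("<HHIIIHH", 0x14c, len(sections), 0x673E0EA6, 0, 0, 224, 0x0122)
    opt = struct.pack("<HBBIIIIII", 0x10b, 9, 0, 0, 0, 0, 0x1000, 0x1000, 0xa0000)  # PE32, VC9
    opt += struct.pack("<IIIHHHHHH", 0x400000, 0x1000, 0x200, 5, 1, 5, 1, 5, 1)  # base, versions 5.1
    opt += struct.pack("<IIIIHH", 0, 0xe7000, 0x400, 0, 2, 0x8040)  # SizeOfImage, GUI, DllChars
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, dirs
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    sec_tbl = b"".join(name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, va, 0, 0, 0, 0, 0, 0, 0)
                       for name, va, vsize in sections)
    return dos + b"PE\0\0" + file_hdr + opt + sec_tbl

def parse_pe(data):
    """Return the header fields of a PE32 image as a dict (raises on non-PE32 input)."""
    pe_off = struct.unpack_from("<I", data, 0x3c)[0]
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    fh = pe_off + 4
    machine, nsec, timestamp, _, _, size_opt, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10b:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    ndirs = min(struct.unpack_from("<I", data, opt + 92)[0], 16)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):  # section table follows the optional header, 40 bytes per entry
        off = opt + size_opt + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        sections.append((name, va, vsize))
    return {"machine": machine, "timestamp": timestamp, "characteristics": chars,
            "image_base": image_base, "subsystem": subsystem, "dll_characteristics": dll_chars,
            "directories": dirs, "sections": sections}

def section_for(rva, sections):
    """Name of the section whose virtual range contains rva ('' if none, e.g. rva 0)."""
    for name, va, vsize in sections:
        if va <= rva < va + vsize:
            return name
    return ""

def directory_table(info):
    """Rows of (name, rva, size, section), the same columns as the report's directory table."""
    return [(DIRECTORY_NAMES[i], rva, size, section_for(rva, info["sections"]))
            for i, (rva, size) in enumerate(info["directories"])]

def decode_dll_characteristics(value):
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]

def format_timestamp(ts):
    utc = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
    return utc.strftime("%a %b %d %H:%M:%S %Y UTC")

def hardening_findings(info):
    """Mitigation gaps a triager checks: unsigned, missing DEP/CFG bits, ASLR without relocs."""
    flags, dirs, out = decode_dll_characteristics(info["dll_characteristics"]), info["directories"], []
    if dirs[4][1] == 0:  # SECURITY directory holds the embedded Authenticode blob
        out.append("no embedded Authenticode signature (SECURITY directory empty; catalog signing not checked)")
    for needed in ("NX_COMPAT", "GUARD_CF"):
        if needed not in flags:
            out.append(f"{needed} not set")
    if "DYNAMIC_BASE" in flags and dirs[5][1] == 0:
        out.append("DYNAMIC_BASE set but no relocations: ASLR cannot rebase the image")
    return out

if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"Imagebase: {info['image_base']:#x}  Time Stamp: {info['timestamp']:#x} "
          f"[{format_timestamp(info['timestamp'])}]")
    print("DLL Characteristics:", ", ".join(decode_dll_characteristics(info["dll_characteristics"])))
    for name, rva, size, sec in directory_table(info):
        print(f"IMAGE_DIRECTORY_ENTRY_{name:<15} {rva:#9x} {size:#8x}  {sec}")
    for finding in hardening_findings(info):
        print("finding:", finding)
```

Two caveats when pointing this at a real file: the Import Hash shown above is not computed here, because imphash needs the import table walked (DLL and function names), not just the directory RVA; and an empty SECURITY directory only proves the absence of an embedded signature, so a catalog-signed binary would still show up as unsigned.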
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa83c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | 
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa83c | 0xaa00 | e63f177b0d8714dc0c68fa135accf968 | False | 0.36824448529411763 | data | 5.6558367830055225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1b04 | data |  |  | 1.0015905147484094
RT_GROUP_ICON | 0xde2bc | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde334 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde348 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde35c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde370 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde44c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                          OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.563802958 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.683343887 CET804974634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.026770115 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.146466970 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.181126118 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.183595896 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.186916113 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.187654972 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.187664986 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.187735081 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.187923908 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.188370943 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.188400984 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192086935 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192097902 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192200899 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192380905 CET4434974434.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192574978 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192612886 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.192686081 CET49744443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.193135977 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.194766998 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.194781065 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.217452049 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.231349945 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.232395887 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.234958887 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.234965086 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.235375881 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.236993074 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.237068892 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.237157106 CET4434974335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.247651100 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.247663975 CET49743443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.360246897 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.410445929 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.571719885 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.571980953 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.577915907 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.577919960 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.578052044 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.578114986 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.578267097 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.585207939 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.585361004 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.585443974 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.586263895 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.652137995 CET804974634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.652383089 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.699851036 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.700530052 CET804974634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.705610991 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:26.705636024 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.646348953 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.646436930 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.650847912 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.650856018 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.650959969 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.651050091 CET4434974734.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:27.651118040 CET49747443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.284276962 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.292586088 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.403975010 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.404198885 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.404407978 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.412420034 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.417505980 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.417877913 CET4975180192.168.2.434.107.221.82
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 20, 2024 17:41:30.524977922 CET  80           49750      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:30.538353920 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:30.569320917 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:30.569401979 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:30.570519924 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:30.571927071 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:30.571971893 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:31.514621019 CET  80           49750      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:31.567570925 CET  49750        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:31.617183924 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:31.669847965 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:31.929214954 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:31.929323912 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.935661077 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.935697079 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:31.935831070 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.935909033 CET  443          49752      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:31.935971975 CET  49752        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.936353922 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.936383009 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:31.936455011 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.938544035 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:31.938555956 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:33.204953909 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:33.205096960 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:33.209882021 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:33.209887028 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:33.210046053 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:33.210072994 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:33.210083961 CET  443          49755      34.117.188.166   192.168.2.4
Nov 20, 2024 17:41:33.210103989 CET  49755        443        192.168.2.4      34.117.188.166
Nov 20, 2024 17:41:34.826524019 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:34.936827898 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:34.936849117 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:34.937078953 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:34.937207937 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:34.937222004 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:34.949666977 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:35.121646881 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:35.121674061 CET  443          49760      34.120.208.123   192.168.2.4
Nov 20, 2024 17:41:35.121968031 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:35.123034000 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:35.123054028 CET  443          49760      34.120.208.123   192.168.2.4
Nov 20, 2024 17:41:35.164022923 CET  80           49751      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:35.208663940 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:35.410708904 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:35.410803080 CET  443          49761      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:35.410952091 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:35.412395954 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:35.412406921 CET  443          49761      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:36.252594948 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:36.259361029 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:36.262876034 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:36.266120911 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:36.266134977 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:36.266905069 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:36.269274950 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:36.269274950 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:36.269705057 CET  443          49759      35.244.181.201   192.168.2.4
Nov 20, 2024 17:41:36.275779009 CET  49759        443        192.168.2.4      35.244.181.201
Nov 20, 2024 17:41:36.360398054 CET  49750        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:36.363835096 CET  443          49760      34.120.208.123   192.168.2.4
Nov 20, 2024 17:41:36.365293026 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:36.370141029 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:36.370150089 CET  443          49760      34.120.208.123   192.168.2.4
Nov 20, 2024 17:41:36.370235920 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:36.370359898 CET  443          49760      34.120.208.123   192.168.2.4
Nov 20, 2024 17:41:36.372214079 CET  49760        443        192.168.2.4      34.120.208.123
Nov 20, 2024 17:41:36.486449957 CET  80           49750      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:36.609129906 CET  49751        80         192.168.2.4      34.107.221.82
Nov 20, 2024 17:41:36.611201048 CET  49762        443        192.168.2.4      34.107.243.93
Nov 20, 2024 17:41:36.611238003 CET  443          49762      34.107.243.93    192.168.2.4
Nov 20, 2024 17:41:36.611588955 CET  49762        443        192.168.2.4      34.107.243.93
Nov 20, 2024 17:41:36.613037109 CET  49762        443        192.168.2.4      34.107.243.93
Nov 20, 2024 17:41:36.613054991 CET  443          49762      34.107.243.93    192.168.2.4
Nov 20, 2024 17:41:36.677018881 CET  443          49761      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:36.677112103 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.681226015 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.681233883 CET  443          49761      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:36.681359053 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.681476116 CET  443          49761      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:36.681721926 CET  49761        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.681901932 CET  49763        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.681927919 CET  443          49763      34.149.100.209   192.168.2.4
Nov 20, 2024 17:41:36.682112932 CET  49763        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.683126926 CET  80           49750      34.107.221.82    192.168.2.4
Nov 20, 2024 17:41:36.683455944 CET  49763        443        192.168.2.4      34.149.100.209
Nov 20, 2024 17:41:36.683466911 CET  443          49763      34.149.100.209   192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.728563070 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.729022980 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.761872053 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.761885881 CET4434976434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.761954069 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.763238907 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.763248920 CET4434976434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.942966938 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.998197079 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.932845116 CET4434976234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.932934999 CET49762443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.971323967 CET4434976334.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.974579096 CET49763443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.982817888 CET4434976434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:37.982897043 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.170188904 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.172583103 CET49762443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.172610044 CET4434976234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.172928095 CET4434976234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.172955036 CET49762443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.172965050 CET4434976234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175190926 CET49763443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175211906 CET4434976334.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175272942 CET49763443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175374031 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175384998 CET4434976434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175426006 CET4434976334.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175436974 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.175652027 CET4434976434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.176620960 CET49763443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.176635981 CET49764443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.176687956 CET49762443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.292176962 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.487154007 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.533752918 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.765256882 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.767218113 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.767255068 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.769329071 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.771305084 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.771320105 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.884946108 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.915838957 CET49767443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.915918112 CET4434976734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.916196108 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.916220903 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917263031 CET49767443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917268038 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917630911 CET49767443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917665958 CET4434976734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917761087 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:38.917776108 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:39.098881960 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:39.153635979 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.028779030 CET4434976634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.033078909 CET49766443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.045804024 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.133553028 CET4434976834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.133618116 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.166925907 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.224203110 CET4434976734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.224276066 CET49767443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.361848116 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.404006958 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:41.639072895 CET49767443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:41.639116049 CET4434976734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:41.639436960 CET4434976734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:41.642632961 CET49768443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.279757977 CET49772443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.279757977 CET49772443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.282210112 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.282248020 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.282375097 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.282875061 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.282886982 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.284240007 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.284257889 CET4434977335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.284316063 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.284470081 CET4434977335.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.284903049 CET49773443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.383425951 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.433726072 CET4434977435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.434456110 CET49774443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.438457012 CET49774443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.438482046 CET4434977435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.438559055 CET49774443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.438719034 CET4434977435.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.441337109 CET49774443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.452322006 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.452374935 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.452579021 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.452685118 CET49777443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.452701092 CET4434977734.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.492964983 CET44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.493051052 CET49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.495717049 CET49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.495727062 CET44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.495925903 CET44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.497706890 CET49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.497807026 CET49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.497831106 CET44349775151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.504097939 CET49775443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.505477905 CET49778443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.505526066 CET4434977835.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.506021023 CET49778443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.506174088 CET49778443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.506194115 CET4434977835.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.507525921 CET49779443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.507558107 CET4434977935.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.507868052 CET49779443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.507980108 CET49779443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.507998943 CET4434977935.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.511022091 CET49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.511042118 CET4434978035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.513534069 CET49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.513752937 CET49780443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.513767004 CET4434978035.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.610598087 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.613776922 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.662152052 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.739610910 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.934192896 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.978647947 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.566441059 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.571333885 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.571464062 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.575016022 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.575027943 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.575268984 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.577501059 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.577605963 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.577640057 CET4434977634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.579189062 CET49776443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.581677914 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.701195955 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:52.721532106 CET4434977734.149.100.209192.168.2.4
Timestamp                            Source Port  Dest Port  Source IP         Dest IP
Nov 20, 2024 17:41:52.721616030 CET  49777        443        192.168.2.4       34.149.100.209
Nov 20, 2024 17:41:52.724705935 CET  49777        443        192.168.2.4       34.149.100.209
Nov 20, 2024 17:41:52.724716902 CET  443          49777      34.149.100.209    192.168.2.4
Nov 20, 2024 17:41:52.724941969 CET  443          49777      34.149.100.209    192.168.2.4
Nov 20, 2024 17:41:52.727092981 CET  49777        443        192.168.2.4       34.149.100.209
Nov 20, 2024 17:41:52.727173090 CET  49777        443        192.168.2.4       34.149.100.209
Nov 20, 2024 17:41:52.727216005 CET  443          49777      34.149.100.209    192.168.2.4
Nov 20, 2024 17:41:52.728153944 CET  49777        443        192.168.2.4       34.149.100.209
Nov 20, 2024 17:41:52.782162905 CET  443          49779      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.782237053 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.784981966 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.784990072 CET  443          49779      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.785207033 CET  443          49779      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.787494898 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.787583113 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.787609100 CET  443          49779      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.787708998 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.787731886 CET  49779        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.804231882 CET  443          49780      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.804311991 CET  49780        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.806889057 CET  49780        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.806910992 CET  443          49780      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.807142973 CET  443          49780      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.809526920 CET  49780        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.809609890 CET  49780        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.809695005 CET  443          49780      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.809770107 CET  49780        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.823159933 CET  443          49778      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.823252916 CET  49778        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.825721979 CET  49778        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.825751066 CET  443          49778      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.826117039 CET  443          49778      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.828394890 CET  49778        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.828481913 CET  49778        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.828591108 CET  443          49778      35.244.181.201    192.168.2.4
Nov 20, 2024 17:41:52.828850985 CET  49778        443        192.168.2.4       35.244.181.201
Nov 20, 2024 17:41:52.914654970 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:52.921708107 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:52.965868950 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:53.042237997 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:53.236926079 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:53.282373905 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:55.146706104 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:55.146742105 CET  443          49782      34.107.243.93     192.168.2.4
Nov 20, 2024 17:41:55.146858931 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:55.148395061 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:55.148412943 CET  443          49782      34.107.243.93     192.168.2.4
Nov 20, 2024 17:41:56.412359953 CET  443          49782      34.107.243.93     192.168.2.4
Nov 20, 2024 17:41:56.413399935 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:56.417689085 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:56.417720079 CET  443          49782      34.107.243.93     192.168.2.4
Nov 20, 2024 17:41:56.417798042 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:56.417917967 CET  443          49782      34.107.243.93     192.168.2.4
Nov 20, 2024 17:41:56.419442892 CET  49782        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:41:56.420850039 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:56.544361115 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:56.758479118 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:56.761518955 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:56.807939053 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:41:56.883302927 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:57.078465939 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:41:57.124402046 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:06.760782003 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:06.880552053 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:07.092864990 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:07.216327906 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:16.658361912 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:16.658430099 CET  443          49820      34.107.243.93     192.168.2.4
Nov 20, 2024 17:42:16.658536911 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:16.660614967 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:16.660655975 CET  443          49820      34.107.243.93     192.168.2.4
Nov 20, 2024 17:42:16.888365984 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:17.014028072 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:17.220601082 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:17.343288898 CET  80           49750      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:18.036756992 CET  443          49820      34.107.243.93     192.168.2.4
Nov 20, 2024 17:42:18.036896944 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:18.043140888 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:18.043158054 CET  443          49820      34.107.243.93     192.168.2.4
Nov 20, 2024 17:42:18.043262005 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:18.043359041 CET  443          49820      34.107.243.93     192.168.2.4
Nov 20, 2024 17:42:18.043437004 CET  49820        443        192.168.2.4       34.107.243.93
Nov 20, 2024 17:42:18.046104908 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:18.213432074 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:18.440072060 CET  80           49751      34.107.221.82     192.168.2.4
Nov 20, 2024 17:42:18.444674015 CET  49750        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:18.493146896 CET  49751        80         192.168.2.4       34.107.221.82
Nov 20, 2024 17:42:18.564294100 CET  80           49750      34.107.221.82     192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.758945942 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.809667110 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.492254019 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.492285013 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.494457006 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.494539022 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495573997 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495599031 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495780945 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495799065 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495944977 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.495975971 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.497587919 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.497626066 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.498011112 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.498141050 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.498156071 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.707928896 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.708014965 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.711371899 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.711396933 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.711765051 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.713927031 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.714098930 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.714144945 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.714162111 CET4434982734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.715276957 CET49827443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.720072985 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.780700922 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.780797958 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.784050941 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.784068108 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.784630060 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.789124966 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.789242029 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.789391041 CET4434982834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.789530993 CET49828443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.805385113 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.814924955 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.818366051 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.818377018 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.819261074 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.825184107 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.825305939 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.825567961 CET4434982634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.826126099 CET49826443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.890805006 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.105979919 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.109078884 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.147639990 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.228658915 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.423243046 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.464144945 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:31.115042925 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:31.236468077 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:31.431555033 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:31.559406042 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:41.244786978 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:41.364353895 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:41.561314106 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:41.680962086 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:51.373954058 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:51.493684053 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:51.690041065 CET4975080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:51.816428900 CET804975034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.061876059 CET49909443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.061914921 CET4434990934.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.062005997 CET49909443192.168.2.434.107.243.93
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.422251940 CET5074253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.553709984 CET53494111.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.554637909 CET5138153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.562526941 CET53507421.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.696818113 CET53513811.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.751447916 CET5234153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.901873112 CET53523411.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.915677071 CET6550753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.915677071 CET6143653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.916940928 CET5006553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET53655071.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.054516077 CET6049353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.054591894 CET53614361.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.055249929 CET6366153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.055658102 CET53500651.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.056438923 CET5138553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET53604931.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196902990 CET53636611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.197721004 CET5313453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.198225021 CET53513851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.198432922 CET5114053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.199333906 CET5425953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.352654934 CET53531341.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.353575945 CET53511401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.353789091 CET5580553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.354476929 CET5462453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.354757071 CET53542591.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.500925064 CET53546241.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.501589060 CET53558051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.502396107 CET6288153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.502881050 CET5071553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.643908024 CET53628811.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.648977041 CET6390853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.789750099 CET53639081.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.860300064 CET53507151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.861561060 CET5356353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:45.136861086 CET53535631.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:49.976336956 CET6234153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:49.996928930 CET5613353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.016185045 CET5823853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.114423990 CET53623411.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.158615112 CET53582381.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.160533905 CET5961953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.227356911 CET53561331.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.232404947 CET5027753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.300981045 CET53596191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.301796913 CET6453153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.372802973 CET53502771.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.373688936 CET6168253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.441477060 CET53645311.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.511970997 CET53616821.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:55.146779060 CET6324853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:55.284214973 CET53632481.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.421839952 CET5021553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.656963110 CET53502151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.658236980 CET4937153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.820926905 CET53493711.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.046494961 CET5613853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.492609024 CET5419253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.630306959 CET53541921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.060419083 CET5578953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.199489117 CET53557891.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.201199055 CET4974953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.343381882 CET53497491.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 17:41:20.785240889 CET | 192.168.2.4 | 1.1.1.1 | 0xb3a6 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:20.928035021 CET | 192.168.2.4 | 1.1.1.1 | 0x2cde | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Nov 20, 2024 17:41:23.642564058 CET | 192.168.2.4 | 1.1.1.1 | 0xbeb | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:23.642935038 CET | 192.168.2.4 | 1.1.1.1 | 0xb867 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:23.790919065 CET | 192.168.2.4 | 1.1.1.1 | 0x4956 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:23.794944048 CET | 192.168.2.4 | 1.1.1.1 | 0x6d48 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:23.945817947 CET | 192.168.2.4 | 1.1.1.1 | 0x3ab1 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Nov 20, 2024 17:41:23.946448088 CET | 192.168.2.4 | 1.1.1.1 | 0xa9ce | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Nov 20, 2024 17:41:23.986502886 CET | 192.168.2.4 | 1.1.1.1 | 0x97f4 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:24.029170036 CET | 192.168.2.4 | 1.1.1.1 | 0x4689 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:24.772377968 CET | 192.168.2.4 | 1.1.1.1 | 0xe55 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:24.773425102 CET | 192.168.2.4 | 1.1.1.1 | 0x68e6 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:24.773722887 CET | 192.168.2.4 | 1.1.1.1 | 0x2792 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.046983957 CET192.168.2.41.1.1.10x86cStandard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.047552109 CET192.168.2.41.1.1.10x872Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.048010111 CET192.168.2.41.1.1.10x8aecStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.139501095 CET192.168.2.41.1.1.10xe2afStandard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.140810966 CET192.168.2.41.1.1.10xba82Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.185601950 CET192.168.2.41.1.1.10x86c5Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.286761045 CET192.168.2.41.1.1.10xc06fStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.291004896 CET192.168.2.41.1.1.10x9503Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.437397003 CET192.168.2.41.1.1.10x81adStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.452445030 CET192.168.2.41.1.1.10xaf4bStandard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.583786964 CET192.168.2.41.1.1.10x823fStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.598472118 CET192.168.2.41.1.1.10xcc4cStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.743268013 CET192.168.2.41.1.1.10xeb2dStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:34.797610044 CET192.168.2.41.1.1.10x607aStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.121823072 CET192.168.2.41.1.1.10xa5bbStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.131191969 CET192.168.2.41.1.1.10x6e71Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.262674093 CET192.168.2.41.1.1.10x5c89Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.272677898 CET192.168.2.41.1.1.10x4abfStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.276041031 CET192.168.2.41.1.1.10xf374Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.411222935 CET192.168.2.41.1.1.10x21a4Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.422251940 CET192.168.2.41.1.1.10x80acStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.554637909 CET192.168.2.41.1.1.10x8f6fStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.751447916 CET192.168.2.41.1.1.10xf630Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.915677071 CET192.168.2.41.1.1.10x4c9dStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.915677071 CET192.168.2.41.1.1.10x114eStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:43.916940928 CET192.168.2.41.1.1.10xf715Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.054516077 CET192.168.2.41.1.1.10x7dd5Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.055249929 CET192.168.2.41.1.1.10x5ea6Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.056438923 CET192.168.2.41.1.1.10xbba9Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.197721004 CET192.168.2.41.1.1.10x157eStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.198432922 CET192.168.2.41.1.1.10xa2aaStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.199333906 CET192.168.2.41.1.1.10x5bf2Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.353789091 CET192.168.2.41.1.1.10x74abStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.354476929 CET192.168.2.41.1.1.10xe056Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.502396107 CET192.168.2.41.1.1.10x7207Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.502881050 CET192.168.2.41.1.1.10x1afbStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.648977041 CET192.168.2.41.1.1.10x68d8Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.861561060 CET192.168.2.41.1.1.10x2b5aStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:49.976336956 CET192.168.2.41.1.1.10x92b5Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:49.996928930 CET192.168.2.41.1.1.10xd951Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.016185045 CET192.168.2.41.1.1.10xb2b4Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.160533905 CET192.168.2.41.1.1.10x2a25Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.232404947 CET192.168.2.41.1.1.10x2fceStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.301796913 CET192.168.2.41.1.1.10x93d8Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:50.373688936 CET192.168.2.41.1.1.10x4a59Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:55.146779060 CET192.168.2.41.1.1.10xbef8Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.421839952 CET192.168.2.41.1.1.10xca44Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.658236980 CET192.168.2.41.1.1.10xc98bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.046494961 CET192.168.2.41.1.1.10xbd1eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:19.492609024 CET192.168.2.41.1.1.10x3401Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.060419083 CET192.168.2.41.1.1.10x697cStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:58.201199055 CET192.168.2.41.1.1.10x23eaStandard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:24.214610100 CET1.1.1.1192.168.2.40x4689No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.046129942 CET1.1.1.1192.168.2.40xe55No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.046937943 CET1.1.1.1192.168.2.40x2792No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.047569990 CET1.1.1.1192.168.2.40x68e6No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.283025980 CET1.1.1.1192.168.2.40xe2afNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.283025980 CET1.1.1.1192.168.2.40xe2afNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.283025980 CET1.1.1.1192.168.2.40xe2afNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.283643007 CET1.1.1.1192.168.2.40xba82No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.324758053 CET1.1.1.1192.168.2.40x86c5No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.324758053 CET1.1.1.1192.168.2.40x86c5No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.430403948 CET1.1.1.1192.168.2.40xc06fNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.430403948 CET1.1.1.1192.168.2.40xc06fNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.435909986 CET1.1.1.1192.168.2.40x9503No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:25.588916063 CET1.1.1.1192.168.2.40x81adNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.597255945 CET1.1.1.1192.168.2.40xaf4bNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.597255945 CET1.1.1.1192.168.2.40xaf4bNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.597255945 CET1.1.1.1192.168.2.40xaf4bNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.742383957 CET1.1.1.1192.168.2.40xcc4cNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:30.822782993 CET1.1.1.1192.168.2.40x823fNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:34.935838938 CET1.1.1.1192.168.2.40x539No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:34.935838938 CET1.1.1.1192.168.2.40x539No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.120737076 CET1.1.1.1192.168.2.40x2f35No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.266073942 CET1.1.1.1192.168.2.40xa5bbNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.274976015 CET1.1.1.1192.168.2.40x6e71No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.409327984 CET1.1.1.1192.168.2.40x5c89No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.409327984 CET1.1.1.1192.168.2.40x5c89No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.421660900 CET1.1.1.1192.168.2.40xf374No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:35.553709984 CET1.1.1.1192.168.2.40x21a4No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:36.761039019 CET1.1.1.1192.168.2.40x6d2fNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.053345919 CET1.1.1.1192.168.2.40x4c9dNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.054591894 CET1.1.1.1192.168.2.40x114eNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.054591894 CET1.1.1.1192.168.2.40x114eNo error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.055658102 CET1.1.1.1192.168.2.40xf715No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.055658102 CET1.1.1.1192.168.2.40xf715No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:44.196589947 CET1.1.1.1192.168.2.40x7dd5No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Type | Class | DNS over HTTPS
Nov 20, 2024 17:41:44.196589947 CET | 1.1.1.1 | 192.168.2.4 | 0x7dd5 | No error (0) | youtube-ui.l.google.com | 142.250.181.46 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.196589947 CET | 1.1.1.1 | 192.168.2.4 | 0x7dd5 | No error (0) | youtube-ui.l.google.com | 172.217.19.14 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.196902990 CET | 1.1.1.1 | 192.168.2.4 | 0x5ea6 | No error (0) | star-mini.c10r.facebook.com | 157.240.195.35 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.198225021 CET | 1.1.1.1 | 192.168.2.4 | 0xbba9 | No error (0) | dyna.wikimedia.org | 185.15.58.224 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.352654934 CET | 1.1.1.1 | 192.168.2.4 | 0x157e | No error (0) | youtube-ui.l.google.com | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.352654934 CET | 1.1.1.1 | 192.168.2.4 | 0x157e | No error (0) | youtube-ui.l.google.com | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.352654934 CET | 1.1.1.1 | 192.168.2.4 | 0x157e | No error (0) | youtube-ui.l.google.com | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.352654934 CET | 1.1.1.1 | 192.168.2.4 | 0x157e | No error (0) | youtube-ui.l.google.com | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.353575945 CET | 1.1.1.1 | 192.168.2.4 | 0xa2aa | No error (0) | star-mini.c10r.facebook.com | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.354757071 CET | 1.1.1.1 | 192.168.2.4 | 0x5bf2 | No error (0) | dyna.wikimedia.org | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:44.500925064 CET | 1.1.1.1 | 192.168.2.4 | 0xe056 | No error (0) | twitter.com | 104.244.42.1 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.501589060 CET | 1.1.1.1 | 192.168.2.4 | 0x74ab | No error (0) | www.reddit.com | reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:41:44.501589060 CET | 1.1.1.1 | 192.168.2.4 | 0x74ab | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.501589060 CET | 1.1.1.1 | 192.168.2.4 | 0x74ab | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.501589060 CET | 1.1.1.1 | 192.168.2.4 | 0x74ab | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.501589060 CET | 1.1.1.1 | 192.168.2.4 | 0x74ab | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.643908024 CET | 1.1.1.1 | 192.168.2.4 | 0x7207 | No error (0) | twitter.com | 104.244.42.129 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.860300064 CET | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.860300064 CET | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.860300064 CET | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:44.860300064 CET | 1.1.1.1 | 192.168.2.4 | 0x1afb | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.158615112 CET | 1.1.1.1 | 192.168.2.4 | 0xb2b4 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:41:50.158615112 CET | 1.1.1.1 | 192.168.2.4 | 0xb2b4 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.227356911 CET | 1.1.1.1 | 192.168.2.4 | 0xd951 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.227356911 CET | 1.1.1.1 | 192.168.2.4 | 0xd951 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.227356911 CET | 1.1.1.1 | 192.168.2.4 | 0xd951 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.227356911 CET | 1.1.1.1 | 192.168.2.4 | 0xd951 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.300981045 CET | 1.1.1.1 | 192.168.2.4 | 0x2a25 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.372802973 CET | 1.1.1.1 | 192.168.2.4 | 0x2fce | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.372802973 CET | 1.1.1.1 | 192.168.2.4 | 0x2fce | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.372802973 CET | 1.1.1.1 | 192.168.2.4 | 0x2fce | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.372802973 CET | 1.1.1.1 | 192.168.2.4 | 0x2fce | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:41:50.511970997 CET | 1.1.1.1 | 192.168.2.4 | 0x4a59 | No error (0) | services.addons.mozilla.org | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:50.511970997 CET | 1.1.1.1 | 192.168.2.4 | 0x4a59 | No error (0) | services.addons.mozilla.org | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:50.511970997 CET | 1.1.1.1 | 192.168.2.4 | 0x4a59 | No error (0) | services.addons.mozilla.org | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:50.511970997 CET | 1.1.1.1 | 192.168.2.4 | 0x4a59 | No error (0) | services.addons.mozilla.org | | 28 (AAAA) | IN (0x0001) | false
Nov 20, 2024 17:41:53.442923069 CET | 1.1.1.1 | 192.168.2.4 | 0xcf83 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:41:53.442923069 CET | 1.1.1.1 | 192.168.2.4 | 0xcf83 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:42:16.656963110 CET | 1.1.1.1 | 192.168.2.4 | 0xca44 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:42:18.233448029 CET | 1.1.1.1 | 192.168.2.4 | 0xbd1e | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 17:42:18.233448029 CET | 1.1.1.1 | 192.168.2.4 | 0xbd1e | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:42:58.199489117 CET | 1.1.1.1 | 192.168.2.4 | 0x697c | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
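The DNS answers above mix the sample's own lookups with the background traffic of the Firefox instance that appears in the HTTP session table (PID 7880). Added example, not part of the Joe Sandbox report: a triage helper that follows the CNAME chains in these rows to their A records, inverts the result so a TCP session's destination IP can be attributed to a queried name, and separates browser background domains from the names worth reviewing. DNS_ANSWERS is a constructed subset of the rows in the table; BROWSER_NOISE is an assumed allowlist of Mozilla-operated suffixes, not something the report states.

```python
"""Triage helper for the DNS answers and HTTP session tables in this report.

Added example, not part of the Joe Sandbox report. DNS_ANSWERS is a constructed
subset of the report's rows; BROWSER_NOISE is an assumed allowlist.
"""
from collections import defaultdict

# (query name, rdata, type) copied from the DNS Answers rows above.
# The report shows no rdata for the AAAA (type 28) rows, so they carry None.
DNS_ANSWERS = [
    ("youtube-ui.l.google.com", "142.250.181.46", "A"),
    ("youtube-ui.l.google.com", "172.217.19.14", "A"),
    ("star-mini.c10r.facebook.com", "157.240.195.35", "A"),
    ("dyna.wikimedia.org", "185.15.58.224", "A"),
    ("youtube-ui.l.google.com", None, "AAAA"),
    ("twitter.com", "104.244.42.1", "A"),
    ("www.reddit.com", "reddit.map.fastly.net", "CNAME"),
    ("reddit.map.fastly.net", "151.101.65.140", "A"),
    ("normandy.cdn.mozilla.net", "normandy-cdn.services.mozilla.com", "CNAME"),
    ("normandy-cdn.services.mozilla.com", "35.201.103.21", "A"),
    ("services.addons.mozilla.org", "151.101.1.91", "A"),
    ("a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com",
     "a17.rackcdn.com", "CNAME"),
    ("a17.rackcdn.com", "a17.rackcdn.com.mdc.edgesuite.net", "CNAME"),
    ("push.services.mozilla.com", "34.107.243.93", "A"),
    ("detectportal.firefox.com", "detectportal.prod.mozaws.net", "CNAME"),
    ("prod.detectportal.prod.cloudops.mozgcp.net", "34.107.221.82", "A"),
]

# (dst ip, dst port, pid, process, Host header) from the HTTP session table.
HTTP_SESSIONS = [
    ("34.107.221.82", 80, 7880,
     r"C:\Program Files\Mozilla Firefox\firefox.exe", "detectportal.firefox.com"),
]

# Assumption: suffixes a stock Firefox profile contacts on its own (not from the report).
BROWSER_NOISE = (".mozilla.com", ".mozilla.net", ".mozilla.org", ".firefox.com",
                 ".mozaws.net", ".mozgcp.net")


def build_index(answers):
    """Split the answer rows into a CNAME map and a name -> {A records} map."""
    cnames, a_records = {}, defaultdict(set)
    for name, rdata, rtype in answers:
        if rtype == "CNAME":
            cnames[name] = rdata
        elif rtype == "A":
            a_records[name].add(rdata)
    return cnames, a_records


def resolve(name, cnames, a_records, max_hops=8):
    """Follow CNAMEs from `name`. Returns (final name, set of A records).

    The set is empty when the chain ends at a name the report never resolved
    (a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net) or loops."""
    seen = []
    while name in cnames and name not in seen and len(seen) < max_hops:
        seen.append(name)
        name = cnames[name]
    return name, set(a_records.get(name, ()))


def ip_to_names(answers):
    """Invert the answers: IP -> every queried name that resolved to it."""
    cnames, a_records = build_index(answers)
    table = defaultdict(set)
    for name, _, _ in answers:
        _, ips = resolve(name, cnames, a_records)
        for ip in ips:
            table[ip].add(name)
    return table


def attribute_sessions(sessions, answers):
    """Tie each TCP session to the DNS names behind its destination IP and note
    whether the HTTP Host header is among them (a gap in the recorded chain or a
    mismatch both surface as False, which is what you want to look at)."""
    table = ip_to_names(answers)
    out = []
    for ip, port, pid, proc, host in sessions:
        names = table.get(ip, set())
        out.append({"ip": ip, "port": port, "pid": pid, "process": proc,
                    "host": host, "dns_names": names,
                    "host_matches_dns": host in names})
    return out


def queried_names(answers):
    return sorted({name for name, _, _ in answers})


def is_browser_noise(name):
    return name.endswith(BROWSER_NOISE)


def triage(answers):
    """Return (browser background names, names left to review)."""
    names = queried_names(answers)
    return ([n for n in names if is_browser_noise(n)],
            [n for n in names if not is_browser_noise(n)])
```

Note the honest result for the one HTTP session: 34.107.221.82 attributes to prod.detectportal.prod.cloudops.mozgcp.net, but the report shows only the first CNAME hop from detectportal.firefox.com, so `host_matches_dns` is False even though the traffic is Firefox's own captive-portal probe. Treat that flag as "chain incomplete or mismatched, check by hand", not as proof of spoofing.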
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 34.107.221.82 | 80 | 7880 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 17:41:23.916071892 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:25.099241972 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 17:35:22 GMT
    Age: 83162
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 17:41:26.026770115 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:26.360246897 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Tue, 19 Nov 2024 17:35:22 GMT
    Age: 83164
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49746 | 34.107.221.82 | 80 | 7880 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 17:41:25.563802958 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:26.652137995 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29713
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 34.107.221.82 | 80 | 7880 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 17:41:30.404407978 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:31.514621019 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29718
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:41:36.360398054 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:36.683126926 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29723
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:41:38.170188904 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:38.487154007 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29725
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:41:40.045804024 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:40.361848116 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:26:13 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 29727
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:42.359349012 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:42.674650908 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:26:13 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 29729
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:45.431576014 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:45.747102022 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:26:13 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 29732
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.613776922 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:51.934192896 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:26:13 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 29738
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
Nov 20, 2024 17:41:52.921708107 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:53.236926079 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29740
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:41:56.761518955 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:41:57.078465939 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29743
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:42:07.092864990 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 17:42:17.220601082 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 17:42:18.444674015 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:42:18.758945942 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29765
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:42:21.109078884 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:42:21.423243046 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:26:13 GMT
Age: 29768
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 17:42:31.431555033 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 17:42:41.561314106 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 17:42:51.690041065 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 17:42:59.686244965 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 17:43:00.000794888 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:26:13 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 29806
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:43:10.004993916 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:43:20.151154995 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49751 | 34.107.221.82 | 80 | 7880 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 17:41:30.417877913 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:31.617183924 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 08:56:12 GMT
    Age: 27919
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 17:41:34.826524019 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:35.164022923 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 08:56:12 GMT
    Age: 27922
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 17:41:36.609129906 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:36.942966938 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 08:56:12 GMT
    Age: 27924
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 17:41:38.765256882 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 17:41:39.098881960 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 27926
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 17:41:41.896219969 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 17:41:42.354785919 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 27930
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 17:41:45.092443943 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 17:41:45.428354979 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 27933
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 17:41:51.247183084 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 17:41:51.610598087 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 27939
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Nov 20, 2024 17:41:52.581677914 CET    303    OUT    GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Nov 20, 2024 17:41:52.914654970 CET    298    IN    HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 27940
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:56.420850039 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:41:56.758479118 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 27944
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:06.760782003 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:16.888365984 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.046104908 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:18.440072060 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 27966
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:20.720072985 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:21.105979919 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                          Date: Wed, 20 Nov 2024 08:56:12 GMT
                                                                                                                                                                                                                                                                                                                                                          Age: 27968
                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:31.115042925 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:41.244786978 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                          Nov 20, 2024 17:42:51.373954058 CET6OUTData Raw: 00
Data Ascii:
Nov 20, 2024 17:42:59.344510078 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 17:42:59.681147099 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 28007
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 17:43:09.689821005 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 20, 2024 17:43:19.828087091 CET 6 OUT Data Raw: 00
Data Ascii:


Target ID:0
Start time:11:41:12
Start date:20/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x630000
File size:922'624 bytes
MD5 hash:ACCCDF6CCC00BA4C7584A6FEAB78FD34
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:11:41:12
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x840000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:11:41:12
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:11:41:15
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x840000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:11:41:15
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:16
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x840000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:16
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:17
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x840000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:17
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:17
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x840000
                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                                                                                                          Start time:11:41:17
                                                                                                                                                                                                                                                                                                                                                          Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:11:41:17
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:11:41:17
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:11:41:17
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:15
Start time:11:41:18
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2212 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c855319-f837-426b-8ab4-f0b0b7a6bab5} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 1707216ef10 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:11:41:20
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20230927232528 -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62e6612-366c-42fe-84de-5df465843634} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17004818810 rdd
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:11:41:34
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1552 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 2504 -prefMapHandle 2516 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {365afaa5-ae5a-4294-93d9-4bd644b6d0a1} 7880 "\\.\pipe\gecko-crash-server-pipe.7880" 17003482110 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:2.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.8%
Total number of Nodes:1548
Total number of Limit Nodes:53
execution_graph
63525f 22 API calls 95590->95917 95918 636350 22 API calls 95590->95918 95919 64ce60 41 API calls 95590->95919 95591->95590 95592->95590 95597 63ec40 348 API calls 95596->95597 95613 63d29d 95597->95613 95598 681bc4 95637 6a359c 82 API calls __wsopen_s 95598->95637 95600 63d30b messages 95600->95434 95601 63d6d5 95601->95600 95611 64fe0b 22 API calls 95601->95611 95602 63d3c3 95602->95601 95604 63d3ce 95602->95604 95603 63d5ff 95607 63d614 95603->95607 95608 681bb5 95603->95608 95606 64fddb 22 API calls 95604->95606 95605 63d4b8 95612 64fe0b 22 API calls 95605->95612 95616 63d3d5 __fread_nolock 95606->95616 95609 64fddb 22 API calls 95607->95609 95636 6b5705 23 API calls 95608->95636 95620 63d46a 95609->95620 95611->95616 95623 63d429 __fread_nolock messages 95612->95623 95613->95598 95613->95600 95613->95601 95613->95602 95613->95605 95617 64fddb 22 API calls 95613->95617 95613->95623 95614 64fddb 22 API calls 95615 63d3f6 95614->95615 95615->95623 95629 63bec0 348 API calls 95615->95629 95616->95614 95616->95615 95617->95613 95619 681ba4 95635 6a359c 82 API calls __wsopen_s 95619->95635 95620->95434 95623->95603 95623->95619 95623->95620 95624 681b7f 95623->95624 95626 681b5d 95623->95626 95630 631f6f 95623->95630 95634 6a359c 82 API calls __wsopen_s 95624->95634 95633 6a359c 82 API calls __wsopen_s 95626->95633 95628->95435 95629->95623 95631 63ec40 348 API calls 95630->95631 95632 631f98 95631->95632 95632->95623 95633->95620 95634->95620 95635->95620 95636->95598 95637->95600 95688 6baff9 95638->95688 95640 6bac54 95640->95482 95641 6bac0c 95641->95640 95642 63aceb 23 API calls 95641->95642 95642->95640 95644 6baff9 217 API calls 95643->95644 95645 6bab79 95644->95645 95645->95482 95843 6c2ad8 95646->95843 95648 6c159f 95648->95482 95650 637510 53 API calls 95649->95650 95651 6a5c6d 95650->95651 95854 69dbbe lstrlenW 95651->95854 95653 6a5c77 95653->95482 95655 637510 53 API calls 95654->95655 95656 6ba306 95655->95656 95657 69d4dc 47 API calls 95656->95657 
95658 6ba315 95657->95658 95658->95482 95660 63b567 39 API calls 95659->95660 95661 64f659 95660->95661 95662 68f2dc Sleep 95661->95662 95663 64f661 timeGetTime 95661->95663 95664 63b567 39 API calls 95663->95664 95665 64f677 95664->95665 95665->95482 95666->95471 95667->95444 95668->95447 95670 63acf9 95669->95670 95678 63ad2a messages 95669->95678 95671 63ad55 95670->95671 95673 63ad01 messages 95670->95673 95671->95678 95859 63a8c7 22 API calls __fread_nolock 95671->95859 95674 63ad21 95673->95674 95675 67fa48 95673->95675 95673->95678 95676 67fa3a VariantClear 95674->95676 95674->95678 95675->95678 95860 64ce17 22 API calls messages 95675->95860 95676->95678 95678->95457 95679->95469 95680->95469 95681->95446 95682->95482 95683->95482 95684->95482 95685->95483 95686->95482 95687->95482 95689 6bb01d ___scrt_fastfail 95688->95689 95690 6bb058 95689->95690 95691 6bb094 95689->95691 95809 63b567 95690->95809 95695 63b567 39 API calls 95691->95695 95696 6bb08b 95691->95696 95693 6bb063 95693->95696 95699 63b567 39 API calls 95693->95699 95694 6bb0ed 95779 637510 95694->95779 95698 6bb0a5 95695->95698 95696->95694 95700 63b567 39 API calls 95696->95700 95702 63b567 39 API calls 95698->95702 95703 6bb078 95699->95703 95700->95694 95702->95696 95705 63b567 39 API calls 95703->95705 95705->95696 95706 6bb115 95707 6bb1d8 95706->95707 95708 6bb11f 95706->95708 95710 6bb20a GetCurrentDirectoryW 95707->95710 95713 637510 53 API calls 95707->95713 95709 637510 53 API calls 95708->95709 95711 6bb130 95709->95711 95712 64fe0b 22 API calls 95710->95712 95714 637620 22 API calls 95711->95714 95715 6bb22f GetCurrentDirectoryW 95712->95715 95716 6bb1ef 95713->95716 95717 6bb13a 95714->95717 95718 6bb23c 95715->95718 95719 637620 22 API calls 95716->95719 95720 637510 53 API calls 95717->95720 95723 6bb275 95718->95723 95814 639c6e 22 API calls 95718->95814 95721 6bb1f9 _wcslen 95719->95721 95722 6bb14b 95720->95722 95721->95710 95721->95723 95724 637620 22 API calls 95722->95724 
95730 6bb28b 95723->95730 95731 6bb287 95723->95731 95726 6bb155 95724->95726 95728 637510 53 API calls 95726->95728 95727 6bb255 95815 639c6e 22 API calls 95727->95815 95733 6bb166 95728->95733 95817 6a07c0 10 API calls 95730->95817 95736 6bb39a CreateProcessW 95731->95736 95737 6bb2f8 95731->95737 95738 637620 22 API calls 95733->95738 95734 6bb265 95816 639c6e 22 API calls 95734->95816 95735 6bb294 95818 6a06e6 10 API calls 95735->95818 95778 6bb32f _wcslen 95736->95778 95820 6911c8 39 API calls 95737->95820 95742 6bb170 95738->95742 95745 6bb1a6 GetSystemDirectoryW 95742->95745 95750 637510 53 API calls 95742->95750 95743 6bb2aa 95819 6a05a7 8 API calls 95743->95819 95744 6bb2fd 95748 6bb32a 95744->95748 95749 6bb323 95744->95749 95747 64fe0b 22 API calls 95745->95747 95752 6bb1cb GetSystemDirectoryW 95747->95752 95822 6914ce 6 API calls 95748->95822 95821 691201 128 API calls 2 library calls 95749->95821 95754 6bb187 95750->95754 95751 6bb2d0 95751->95731 95752->95718 95757 637620 22 API calls 95754->95757 95756 6bb328 95756->95778 95758 6bb191 _wcslen 95757->95758 95758->95718 95758->95745 95759 6bb42f CloseHandle 95761 6bb43f 95759->95761 95769 6bb49a 95759->95769 95760 6bb3d6 GetLastError 95768 6bb41a 95760->95768 95762 6bb451 95761->95762 95763 6bb446 CloseHandle 95761->95763 95766 6bb458 CloseHandle 95762->95766 95767 6bb463 95762->95767 95763->95762 95765 6bb4a6 95765->95768 95766->95767 95770 6bb46a CloseHandle 95767->95770 95771 6bb475 95767->95771 95806 6a0175 95768->95806 95769->95765 95774 6bb4d2 CloseHandle 95769->95774 95770->95771 95823 6a09d9 34 API calls 95771->95823 95774->95768 95776 6bb486 95824 6bb536 25 API calls 95776->95824 95778->95759 95778->95760 95780 637522 95779->95780 95781 637525 95779->95781 95802 637620 95780->95802 95782 63755b 95781->95782 95783 63752d 95781->95783 95784 6750f6 95782->95784 95787 63756d 95782->95787 95794 67500f 95782->95794 95825 6551c6 26 API calls 95783->95825 95828 655183 26 API calls 95784->95828 95826 
64fb21 51 API calls 95787->95826 95788 63753d 95791 64fddb 22 API calls 95788->95791 95789 67510e 95789->95789 95793 637547 95791->95793 95795 639cb3 22 API calls 95793->95795 95796 64fe0b 22 API calls 95794->95796 95801 675088 95794->95801 95795->95780 95797 675058 95796->95797 95798 64fddb 22 API calls 95797->95798 95799 67507f 95798->95799 95800 639cb3 22 API calls 95799->95800 95800->95801 95827 64fb21 51 API calls 95801->95827 95803 63762a _wcslen 95802->95803 95804 64fe0b 22 API calls 95803->95804 95805 63763f 95804->95805 95805->95706 95829 6a030f 95806->95829 95810 63b578 95809->95810 95811 63b57f 95809->95811 95810->95811 95842 6562d1 39 API calls 95810->95842 95811->95693 95813 63b5c2 95813->95693 95814->95727 95815->95734 95816->95723 95817->95735 95818->95743 95819->95751 95820->95744 95821->95756 95822->95778 95823->95776 95824->95769 95825->95788 95826->95788 95827->95784 95828->95789 95830 6a0329 95829->95830 95831 6a0321 CloseHandle 95829->95831 95832 6a032e CloseHandle 95830->95832 95833 6a0336 95830->95833 95831->95830 95832->95833 95834 6a033b CloseHandle 95833->95834 95835 6a0343 95833->95835 95834->95835 95836 6a0348 CloseHandle 95835->95836 95837 6a0350 95835->95837 95836->95837 95838 6a035d 95837->95838 95839 6a0355 CloseHandle 95837->95839 95840 6a017d 95838->95840 95841 6a0362 CloseHandle 95838->95841 95839->95838 95840->95641 95841->95840 95842->95813 95844 63aceb 23 API calls 95843->95844 95845 6c2af3 95844->95845 95846 6c2b1d 95845->95846 95847 6c2aff 95845->95847 95848 636b57 22 API calls 95846->95848 95849 637510 53 API calls 95847->95849 95852 6c2b1b 95848->95852 95850 6c2b0c 95849->95850 95850->95852 95853 63a8c7 22 API calls __fread_nolock 95850->95853 95852->95648 95853->95852 95855 69dbdc GetFileAttributesW 95854->95855 95856 69dc06 95854->95856 95855->95856 95857 69dbe8 FindFirstFileW 95855->95857 95856->95653 95857->95856 95858 69dbf9 FindClose 95857->95858 95858->95856 95859->95678 95860->95678 95862 63ae01 95861->95862 95865 
63ae1c messages 95861->95865 95863 63aec9 22 API calls 95862->95863 95864 63ae09 CharUpperBuffW 95863->95864 95864->95865 95865->95493 95867 63acae 95866->95867 95868 63acd1 95867->95868 95894 6a359c 82 API calls __wsopen_s 95867->95894 95868->95511 95871 63ad92 95870->95871 95872 67fadb 95870->95872 95873 64fddb 22 API calls 95871->95873 95874 63ad99 95873->95874 95895 63adcd 95874->95895 95877->95547 95878->95547 95879->95497 95880->95536 95881->95514 95882->95536 95883->95536 95884->95511 95885->95511 95886->95511 95887->95511 95888->95511 95889->95526 95890->95536 95891->95532 95892->95533 95893->95536 95894->95868 95901 63addd 95895->95901 95896 63adb6 95896->95511 95897 64fddb 22 API calls 95897->95901 95898 63a961 22 API calls 95898->95901 95899 63adcd 22 API calls 95899->95901 95901->95896 95901->95897 95901->95898 95901->95899 95902 63a8c7 22 API calls __fread_nolock 95901->95902 95902->95901 95903->95561 95904->95561 95905->95563 95906->95563 95907->95563 95908->95563 95909->95562 95910->95563 95912 69df02 95911->95912 95913 69df19 95912->95913 95916 69df1f 95912->95916 95920 6563b2 GetStringTypeW _strftime 95912->95920 95921 6562fb 39 API calls 95913->95921 95916->95590 95917->95590 95918->95590 95919->95590 95920->95912 95921->95916 95922 631cad SystemParametersInfoW 95923 631033 95928 634c91 95923->95928 95927 631042 95929 63a961 22 API calls 95928->95929 95930 634cff 95929->95930 95936 633af0 95930->95936 95933 634d9c 95934 631038 95933->95934 95939 6351f7 22 API calls __fread_nolock 95933->95939 95935 6500a3 29 API calls __onexit 95934->95935 95935->95927 95940 633b1c 95936->95940 95939->95933 95941 633b0f 95940->95941 95942 633b29 95940->95942 95941->95933 95942->95941 95943 633b30 RegOpenKeyExW 95942->95943 95943->95941 95944 633b4a RegQueryValueExW 95943->95944 95945 633b80 RegCloseKey 95944->95945 95946 633b6b 95944->95946 95945->95941 95946->95945 95947 632e37 95948 63a961 22 API calls 95947->95948 95949 632e4d 95948->95949 96026 634ae3 
95949->96026 95951 632e6b 95952 633a5a 24 API calls 95951->95952 95953 632e7f 95952->95953 95954 639cb3 22 API calls 95953->95954 95955 632e8c 95954->95955 95956 634ecb 94 API calls 95955->95956 95957 632ea5 95956->95957 95958 672cb0 95957->95958 95959 632ead 95957->95959 95960 6a2cf9 80 API calls 95958->95960 96040 63a8c7 22 API calls __fread_nolock 95959->96040 95961 672cc3 95960->95961 95962 672ccf 95961->95962 95964 634f39 68 API calls 95961->95964 95968 634f39 68 API calls 95962->95968 95964->95962 95965 632ec3 96041 636f88 22 API calls 95965->96041 95967 632ecf 95969 639cb3 22 API calls 95967->95969 95970 672ce5 95968->95970 95971 632edc 95969->95971 96058 633084 22 API calls 95970->96058 96042 63a81b 41 API calls 95971->96042 95974 632eec 95976 639cb3 22 API calls 95974->95976 95975 672d02 96059 633084 22 API calls 95975->96059 95978 632f12 95976->95978 96043 63a81b 41 API calls 95978->96043 95979 672d1e 95981 633a5a 24 API calls 95979->95981 95982 672d44 95981->95982 96060 633084 22 API calls 95982->96060 95984 632f21 95985 63a961 22 API calls 95984->95985 95987 632f3f 95985->95987 95986 672d50 96061 63a8c7 22 API calls __fread_nolock 95986->96061 96044 633084 22 API calls 95987->96044 95990 672d5e 96062 633084 22 API calls 95990->96062 95991 632f4b 96045 654a28 40 API calls 2 library calls 95991->96045 95994 672d6d 96063 63a8c7 22 API calls __fread_nolock 95994->96063 95995 632f59 95995->95970 95996 632f63 95995->95996 96046 654a28 40 API calls 2 library calls 95996->96046 95999 672d83 96064 633084 22 API calls 95999->96064 96000 632f6e 96000->95975 96002 632f78 96000->96002 96047 654a28 40 API calls 2 library calls 96002->96047 96003 672d90 96005 632f83 96005->95979 96006 632f8d 96005->96006 96048 654a28 40 API calls 2 library calls 96006->96048 96008 632f98 96009 632fdc 96008->96009 96049 633084 22 API calls 96008->96049 96009->95994 96010 632fe8 96009->96010 96010->96003 96052 6363eb 22 API calls 96010->96052 96012 632fbf 96050 63a8c7 22 API calls 
__fread_nolock 96012->96050 96015 632ff8 96053 636a50 22 API calls 96015->96053 96016 632fcd 96051 633084 22 API calls 96016->96051 96019 633006 96054 6370b0 23 API calls 96019->96054 96023 633021 96024 633065 96023->96024 96055 636f88 22 API calls 96023->96055 96056 6370b0 23 API calls 96023->96056 96057 633084 22 API calls 96023->96057 96027 634af0 __wsopen_s 96026->96027 96028 636b57 22 API calls 96027->96028 96029 634b22 96027->96029 96028->96029 96039 634b58 96029->96039 96065 634c6d 96029->96065 96031 639cb3 22 API calls 96033 634c52 96031->96033 96032 639cb3 22 API calls 96032->96039 96034 63515f 22 API calls 96033->96034 96037 634c5e 96034->96037 96035 634c6d 22 API calls 96035->96039 96036 63515f 22 API calls 96036->96039 96037->95951 96038 634c29 96038->96031 96038->96037 96039->96032 96039->96035 96039->96036 96039->96038 96040->95965 96041->95967 96042->95974 96043->95984 96044->95991 96045->95995 96046->96000 96047->96005 96048->96008 96049->96012 96050->96016 96051->96009 96052->96015 96053->96019 96054->96023 96055->96023 96056->96023 96057->96023 96058->95975 96059->95979 96060->95986 96061->95990 96062->95994 96063->95999 96064->96003 96066 63aec9 22 API calls 96065->96066 96067 634c78 96066->96067 96067->96029 96068 633156 96071 633170 96068->96071 96072 633187 96071->96072 96073 6331eb 96072->96073 96074 63318c 96072->96074 96111 6331e9 96072->96111 96076 6331f1 96073->96076 96077 672dfb 96073->96077 96078 633265 PostQuitMessage 96074->96078 96079 633199 96074->96079 96075 6331d0 DefWindowProcW 96113 63316a 96075->96113 96080 6331f8 96076->96080 96081 63321d SetTimer RegisterWindowMessageW 96076->96081 96126 6318e2 10 API calls 96077->96126 96078->96113 96083 6331a4 96079->96083 96084 672e7c 96079->96084 96085 633201 KillTimer 96080->96085 96086 672d9c 96080->96086 96088 633246 CreatePopupMenu 96081->96088 96081->96113 96089 6331ae 96083->96089 96090 672e68 96083->96090 96129 69bf30 34 API calls ___scrt_fastfail 96084->96129 96095 6330f2 
Shell_NotifyIconW 96085->96095 96093 672dd7 MoveWindow 96086->96093 96094 672da1 96086->96094 96087 672e1c 96127 64e499 42 API calls 96087->96127 96088->96113 96098 672e4d 96089->96098 96099 6331b9 96089->96099 96116 69c161 96090->96116 96092 672e8e 96092->96075 96092->96113 96093->96113 96101 672da7 96094->96101 96102 672dc6 SetFocus 96094->96102 96103 633214 96095->96103 96098->96075 96128 690ad7 22 API calls 96098->96128 96100 633253 96099->96100 96104 6331c4 96099->96104 96124 63326f 44 API calls ___scrt_fastfail 96100->96124 96101->96104 96106 672db0 96101->96106 96102->96113 96123 633c50 DeleteObject DestroyWindow 96103->96123 96104->96075 96112 6330f2 Shell_NotifyIconW 96104->96112 96125 6318e2 10 API calls 96106->96125 96109 633263 96109->96113 96111->96075 96114 672e41 96112->96114 96115 633837 49 API calls 96114->96115 96115->96111 96117 69c276 96116->96117 96118 69c179 ___scrt_fastfail 96116->96118 96117->96113 96119 633923 24 API calls 96118->96119 96121 69c1a0 96119->96121 96120 69c25f KillTimer SetTimer 96120->96117 96121->96120 96122 69c251 Shell_NotifyIconW 96121->96122 96122->96120 96123->96113 96124->96109 96125->96113 96126->96087 96127->96104 96128->96111 96129->96092 96130 63105b 96135 63344d 96130->96135 96132 63106a 96166 6500a3 29 API calls __onexit 96132->96166 96134 631074 96136 63345d __wsopen_s 96135->96136 96137 63a961 22 API calls 96136->96137 96138 633513 96137->96138 96139 633a5a 24 API calls 96138->96139 96140 63351c 96139->96140 96167 633357 96140->96167 96143 6333c6 22 API calls 96144 633535 96143->96144 96145 63515f 22 API calls 96144->96145 96146 633544 96145->96146 96147 63a961 22 API calls 96146->96147 96148 63354d 96147->96148 96149 63a6c3 22 API calls 96148->96149 96150 633556 RegOpenKeyExW 96149->96150 96151 673176 RegQueryValueExW 96150->96151 96155 633578 96150->96155 96152 673193 96151->96152 96153 67320c RegCloseKey 96151->96153 96154 64fe0b 22 API calls 96152->96154 96153->96155 96159 67321e _wcslen 96153->96159 96156 
6731ac 96154->96156 96155->96132 96157 635722 22 API calls 96156->96157 96160 6731b7 RegQueryValueExW 96157->96160 96158 634c6d 22 API calls 96158->96159 96159->96155 96159->96158 96164 639cb3 22 API calls 96159->96164 96165 63515f 22 API calls 96159->96165 96161 6731d4 96160->96161 96162 6731ee messages 96160->96162 96163 636b57 22 API calls 96161->96163 96162->96153 96163->96162 96164->96159 96165->96159 96166->96134 96168 671f50 __wsopen_s 96167->96168 96169 633364 GetFullPathNameW 96168->96169 96170 633386 96169->96170 96171 636b57 22 API calls 96170->96171 96172 6333a4 96171->96172 96172->96143 96173 6c2a55 96181 6a1ebc 96173->96181 96176 6c2a70 96183 6939c0 22 API calls 96176->96183 96177 6c2a87 96179 6c2a7c 96184 69417d 22 API calls __fread_nolock 96179->96184 96182 6a1ec3 IsWindow 96181->96182 96182->96176 96182->96177 96183->96179 96184->96177 96185 631098 96190 6342de 96185->96190 96189 6310a7 96191 63a961 22 API calls 96190->96191 96192 6342f5 GetVersionExW 96191->96192 96193 636b57 22 API calls 96192->96193 96194 634342 96193->96194 96195 6393b2 22 API calls 96194->96195 96199 634378 96194->96199 96196 63436c 96195->96196 96198 6337a0 22 API calls 96196->96198 96197 63441b GetCurrentProcess IsWow64Process 96200 634437 96197->96200 96198->96199 96199->96197 96207 6737df 96199->96207 96201 673824 GetSystemInfo 96200->96201 96202 63444f LoadLibraryA 96200->96202 96203 634460 GetProcAddress 96202->96203 96204 63449c GetSystemInfo 96202->96204 96203->96204 96205 634470 GetNativeSystemInfo 96203->96205 96206 634476 96204->96206 96205->96206 96208 63109d 96206->96208 96209 63447a FreeLibrary 96206->96209 96210 6500a3 29 API calls __onexit 96208->96210 96209->96208 96210->96189 96211 63f7bf 96212 63f7d3 96211->96212 96213 63fcb6 96211->96213 96214 63fcc2 96212->96214 96216 64fddb 22 API calls 96212->96216 96215 63aceb 23 API calls 96213->96215 96217 63aceb 23 API calls 96214->96217 96215->96214 96218 63f7e5 96216->96218 96220 63fd3d 96217->96220 96218->96214 
96219 63f83e 96218->96219 96218->96220 96222 641310 348 API calls 96219->96222 96243 63ed9d messages 96219->96243 96248 6a1155 22 API calls 96220->96248 96242 63ec76 messages 96222->96242 96223 64fddb 22 API calls 96223->96242 96225 63fef7 96225->96243 96250 63a8c7 22 API calls __fread_nolock 96225->96250 96227 63a8c7 22 API calls 96227->96242 96228 684600 96228->96243 96249 63a8c7 22 API calls __fread_nolock 96228->96249 96229 684b0b 96252 6a359c 82 API calls __wsopen_s 96229->96252 96235 63fbe3 96237 684bdc 96235->96237 96235->96243 96245 63f3ae messages 96235->96245 96236 63a961 22 API calls 96236->96242 96253 6a359c 82 API calls __wsopen_s 96237->96253 96239 650242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96239->96242 96240 684beb 96254 6a359c 82 API calls __wsopen_s 96240->96254 96241 6500a3 29 API calls pre_c_initialization 96241->96242 96242->96223 96242->96225 96242->96227 96242->96228 96242->96229 96242->96235 96242->96236 96242->96239 96242->96240 96242->96241 96242->96243 96244 6501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96242->96244 96242->96245 96246 6401e0 348 API calls 2 library calls 96242->96246 96247 6406a0 41 API calls messages 96242->96247 96244->96242 96245->96243 96251 6a359c 82 API calls __wsopen_s 96245->96251 96246->96242 96247->96242 96248->96243 96249->96243 96250->96243 96251->96243 96252->96243 96253->96240 96254->96243 96255 683f75 96266 64ceb1 96255->96266 96257 683f8b 96258 684006 96257->96258 96275 64e300 23 API calls 96257->96275 96261 63bf40 348 API calls 96258->96261 96260 683fe6 96263 684052 96260->96263 96276 6a1abf 22 API calls 96260->96276 96261->96263 96264 684a88 96263->96264 96277 6a359c 82 API calls __wsopen_s 96263->96277 96267 64ced2 96266->96267 96268 64cebf 96266->96268 96270 64cf05 96267->96270 96271 64ced7 96267->96271 96269 63aceb 23 API calls 96268->96269 96274 64cec9 96269->96274 96272 63aceb 23 API 
calls 96270->96272 96273 64fddb 22 API calls 96271->96273 96272->96274 96273->96274 96274->96257 96275->96260 96276->96258 96277->96264 96278 6503fb 96279 650407 CallCatchBlock 96278->96279 96307 64feb1 96279->96307 96281 65040e 96282 650561 96281->96282 96285 650438 96281->96285 96337 65083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96282->96337 96284 650568 96330 654e52 96284->96330 96294 650477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96285->96294 96318 66247d 96285->96318 96292 650457 96295 6504d8 96294->96295 96333 654e1a 38 API calls 2 library calls 96294->96333 96326 650959 96295->96326 96298 6504de 96299 6504f3 96298->96299 96334 650992 GetModuleHandleW 96299->96334 96301 6504fa 96301->96284 96302 6504fe 96301->96302 96303 650507 96302->96303 96335 654df5 28 API calls _abort 96302->96335 96336 650040 13 API calls 2 library calls 96303->96336 96306 65050f 96306->96292 96308 64feba 96307->96308 96339 650698 IsProcessorFeaturePresent 96308->96339 96310 64fec6 96340 652c94 10 API calls 3 library calls 96310->96340 96312 64fecb 96313 64fecf 96312->96313 96341 662317 96312->96341 96313->96281 96316 64fee6 96316->96281 96321 662494 96318->96321 96319 650a8c CatchGuardHandler 5 API calls 96320 650451 96319->96320 96320->96292 96322 662421 96320->96322 96321->96319 96323 662450 96322->96323 96324 650a8c CatchGuardHandler 5 API calls 96323->96324 96325 662479 96324->96325 96325->96294 96392 652340 96326->96392 96329 65097f 96329->96298 96394 654bcf 96330->96394 96333->96295 96334->96301 96335->96303 96336->96306 96337->96284 96339->96310 96340->96312 96345 66d1f6 96341->96345 96344 652cbd 8 API calls 3 library calls 96344->96313 96348 66d213 96345->96348 96349 66d20f 96345->96349 96347 64fed8 96347->96316 96347->96344 96348->96349 96351 664bfb 96348->96351 96363 650a8c 96349->96363 96352 664c07 CallCatchBlock 96351->96352 96370 662f5e EnterCriticalSection 96352->96370 
96354 664c0e 96371 6650af 96354->96371 96356 664c1d 96357 664c2c 96356->96357 96384 664a8f 29 API calls 96356->96384 96386 664c48 LeaveCriticalSection _abort 96357->96386 96360 664c27 96385 664b45 GetStdHandle GetFileType 96360->96385 96361 664c3d __fread_nolock 96361->96348 96364 650a95 96363->96364 96365 650a97 IsProcessorFeaturePresent 96363->96365 96364->96347 96367 650c5d 96365->96367 96391 650c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96367->96391 96369 650d40 96369->96347 96370->96354 96372 6650bb CallCatchBlock 96371->96372 96373 6650df 96372->96373 96374 6650c8 96372->96374 96387 662f5e EnterCriticalSection 96373->96387 96388 65f2d9 20 API calls _abort 96374->96388 96377 6650cd 96389 6627ec 26 API calls _strftime 96377->96389 96379 6650d7 __fread_nolock 96379->96356 96381 665000 __wsopen_s 21 API calls 96383 6650eb 96381->96383 96382 665117 96390 66513e LeaveCriticalSection _abort 96382->96390 96383->96381 96383->96382 96384->96360 96385->96357 96386->96361 96387->96383 96388->96377 96389->96379 96390->96379 96391->96369 96393 65096c GetStartupInfoW 96392->96393 96393->96329 96395 654bdb _abort 96394->96395 96396 654bf4 96395->96396 96397 654be2 96395->96397 96418 662f5e EnterCriticalSection 96396->96418 96433 654d29 GetModuleHandleW 96397->96433 96400 654be7 96400->96396 96434 654d6d GetModuleHandleExW 96400->96434 96401 654c99 96422 654cd9 96401->96422 96405 654c70 96407 654c88 96405->96407 96412 662421 _abort 5 API calls 96405->96412 96413 662421 _abort 5 API calls 96407->96413 96408 654bfb 96408->96401 96408->96405 96419 6621a8 96408->96419 96409 654cb6 96425 654ce8 96409->96425 96410 654ce2 96442 671d29 5 API calls CatchGuardHandler 96410->96442 96412->96407 96413->96401 96418->96408 96443 661ee1 96419->96443 96462 662fa6 LeaveCriticalSection 96422->96462 96424 654cb2 96424->96409 96424->96410 96463 66360c 96425->96463 96428 654d16 96431 654d6d _abort 8 API calls 96428->96431 96429 654cf6 GetPEB 
96429->96428 96430 654d06 GetCurrentProcess TerminateProcess 96429->96430 96430->96428 96432 654d1e ExitProcess 96431->96432 96433->96400 96435 654d97 GetProcAddress 96434->96435 96436 654dba 96434->96436 96441 654dac 96435->96441 96437 654dc0 FreeLibrary 96436->96437 96438 654dc9 96436->96438 96437->96438 96439 650a8c CatchGuardHandler 5 API calls 96438->96439 96440 654bf3 96439->96440 96440->96396 96441->96436 96446 661e90 96443->96446 96445 661f05 96445->96405 96447 661e9c CallCatchBlock 96446->96447 96454 662f5e EnterCriticalSection 96447->96454 96449 661eaa 96455 661f31 96449->96455 96453 661ec8 __fread_nolock 96453->96445 96454->96449 96458 661f59 96455->96458 96459 661f51 96455->96459 96456 650a8c CatchGuardHandler 5 API calls 96457 661eb7 96456->96457 96461 661ed5 LeaveCriticalSection _abort 96457->96461 96458->96459 96460 6629c8 _free 20 API calls 96458->96460 96459->96456 96460->96459 96461->96453 96462->96424 96464 663627 96463->96464 96465 663631 96463->96465 96467 650a8c CatchGuardHandler 5 API calls 96464->96467 96470 662fd7 5 API calls 2 library calls 96465->96470 96468 654cf2 96467->96468 96468->96428 96468->96429 96469 663648 96469->96464 96470->96469 96471 63defc 96474 631d6f 96471->96474 96473 63df07 96475 631d8c 96474->96475 96476 631f6f 348 API calls 96475->96476 96477 631da6 96476->96477 96478 672759 96477->96478 96480 631dc2 96477->96480 96481 631e36 96477->96481 96484 6a359c 82 API calls __wsopen_s 96478->96484 96480->96481 96483 63289a 23 API calls 96480->96483 96481->96473 96483->96481 96484->96481

Control-flow Graph

• Executed
• Not Executed

[Basic-block listing for the function at 6342de-63434d omitted: the page carries the raw block/edge dump of the report's interactive graph. Calls made from its blocks, in graph order: 63a961, GetVersionExW, 636b57, 6393b2, 6337a0, GetCurrentProcess, IsWow64Process, LoadLibraryA, GetProcAddress, GetNativeSystemInfo, GetSystemInfo, FreeLibrary.]
APIs
• GetVersionExW.KERNEL32(?), ref: 0063430D
  • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
• GetCurrentProcess.KERNEL32(?,006CCB64,00000000,?,?), ref: 00634422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00634429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00634454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00634466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00634474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0063447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 006344A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: a63559da5bd6162c24c9cbcf14bb88b9be82f6800990b4f7e55cca837b2859d4
• Instruction ID: b03e128e12e83d733822e328c408970c35ab16057cf0d0e0f7af0ce3e40bc736
• Opcode Fuzzy Hash: a63559da5bd6162c24c9cbcf14bb88b9be82f6800990b4f7e55cca837b2859d4
• Instruction Fuzzy Hash: BCA1E67190A2D0CFC715C7797C815E5FFE6AB26300F88D6ADE04593B22DE284505DB6D

Control-flow Graph

APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006350AA,?,?,00000000,00000000), ref: 006342B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006350AA,?,?,00000000,00000000), ref: 006342C9
• LoadResource.KERNEL32(?,00000000,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20), ref: 006735BE
• SizeofResource.KERNEL32(?,00000000,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20), ref: 006735D3
• LockResource.KERNEL32(006350AA,?,?,006350AA,?,?,00000000,00000000,?,?,?,?,?,?,00634F20,?), ref: 006735E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 23db2834aa71d53b9cdbbf210e50088b47e40ec907f83e4bf79df59680d5f862
• Instruction ID: 8604bbcaa76e4579a7d6aa33c29e44d136c9972d32611f01b5f57f0bcfe28acd
• Opcode Fuzzy Hash: 23db2834aa71d53b9cdbbf210e50088b47e40ec907f83e4bf79df59680d5f862
• Instruction Fuzzy Hash: 54117C70200700BFE7218BA6DC48F67BBBEEFC6B61F148169F416D6650DB71ED009A60

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00632B6B
  • Part of subcall function 00633A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00701418,?,00632E7F,?,?,?,00000000), ref: 00633A78
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,006F2224), ref: 00672C10
• ShellExecuteW.SHELL32(00000000,?,?,006F2224), ref: 00672C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 8dc9ef8ef2feddc127633c2d8933e355695ab53061aefba1436cfbb994a9332b
• Instruction ID: 99c77ee5e290fbee14c513b7ee692cc5456b9a343cd5bea456a3d07830787235
• Opcode Fuzzy Hash: 8dc9ef8ef2feddc127633c2d8933e355695ab53061aefba1436cfbb994a9332b
• Instruction Fuzzy Hash: 95112931508386AAC748FF60D861DBEB7A79F90314F44542CF187421A2CF708A0ACB96

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 1250 69d4dc-69d524 CreateToolhelp32Snapshot Process32FirstW call 69def7 1253 69d5d2-69d5d5 1250->1253 1254 69d529-69d538 Process32NextW 1253->1254 1255 69d5db-69d5ea CloseHandle 1253->1255 1254->1255 1256 69d53e-69d5ad call 63a961 * 2 call 639cb3 call 63525f call 63988f call 636350 call 64ce60 1254->1256 1271 69d5af-69d5b1 1256->1271 1272 69d5b7-69d5be 1256->1272 1273 69d5c0-69d5cd call 63988f * 2 1271->1273 1274 69d5b3-69d5b5 1271->1274 1272->1273 1273->1253 1274->1272 1274->1273
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0069D501
                                                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0069D50F
                                                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0069D52F
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 0069D5DC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 91df49d8acafadaad8c1529d4bc2266cf7550f4c032de8d6c687674eb9034e65
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0c62877ac727f90b9f425b1d1a7abaa1f92e57b3017ec42716e35c8c8d268e7f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91df49d8acafadaad8c1529d4bc2266cf7550f4c032de8d6c687674eb9034e65
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE3191711083009FD704EF64C881AAFBBFAEF99354F14092DF585862A1EB719945CBA2

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 1278 69dbbe-69dbda lstrlenW 1279 69dbdc-69dbe6 GetFileAttributesW 1278->1279 1280 69dc06 1278->1280 1281 69dc09-69dc0d 1279->1281 1282 69dbe8-69dbf7 FindFirstFileW 1279->1282 1280->1281 1282->1280 1283 69dbf9-69dc04 FindClose 1282->1283 1283->1281
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00675222), ref: 0069DBCE
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 0069DBDD
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0069DBEE
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0069DBFA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 05676ad06b82452439491b0144d3df84126f44daa453db984ea5b273ee8c087c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 01d5e6c590f9dc244ef9e6b74b3286e87a9db68b553dd022c592933a3bee37c6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05676ad06b82452439491b0144d3df84126f44daa453db984ea5b273ee8c087c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6F0A0B081091097CB206B78EC0D8BA776E9E013B4B144712F83AC2AE0EBB45A558695
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000,?,006628E9), ref: 00654D09
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000,?,006628E9), ref: 00654D10
                                                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00654D22
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4f244e6acf8add289b2504fff7b6a8c6f42c39426ecc082b8f5e3e2ec6020281
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b8450dca5e86c4fbbb72e7657f506477f2bb003fc83eae2043b389b9a04927c0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f244e6acf8add289b2504fff7b6a8c6f42c39426ecc082b8f5e3e2ec6020281
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9E0B631400548ABCF11AF54EE09EA83B7BFF41796F145158FC098B622CF36DD86CA94
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: p#p
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3964851224-1159509791
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c15fac2d4178b021ca1ef142c3276ddd9f442b69cbb2f0b83231647fb008fef5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0d2cfddfaa8c186f408fa32410ed67acf96652b353f261ffeaf68e70ad9b9984
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c15fac2d4178b021ca1ef142c3276ddd9f442b69cbb2f0b83231647fb008fef5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2A26970A083019FD764DF18C480B6ABBE2BF89314F14896DF89A9B352D771EC45CB92

                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 0 6baff9-6bb056 call 652340 3 6bb058-6bb06b call 63b567 0->3 4 6bb094-6bb098 0->4 12 6bb0c8 3->12 13 6bb06d-6bb092 call 63b567 * 2 3->13 6 6bb09a-6bb0bb call 63b567 * 2 4->6 7 6bb0dd-6bb0e0 4->7 30 6bb0bf-6bb0c4 6->30 9 6bb0e2-6bb0e5 7->9 10 6bb0f5-6bb119 call 637510 call 637620 7->10 14 6bb0e8-6bb0ed call 63b567 9->14 33 6bb1d8-6bb1e0 10->33 34 6bb11f-6bb178 call 637510 call 637620 call 637510 call 637620 call 637510 call 637620 10->34 17 6bb0cb-6bb0cf 12->17 13->30 14->10 22 6bb0d9-6bb0db 17->22 23 6bb0d1-6bb0d7 17->23 22->7 22->10 23->14 30->7 31 6bb0c6 30->31 31->17 36 6bb20a-6bb238 GetCurrentDirectoryW call 64fe0b GetCurrentDirectoryW 33->36 37 6bb1e2-6bb1fd call 637510 call 637620 33->37 82 6bb17a-6bb195 call 637510 call 637620 34->82 83 6bb1a6-6bb1d6 GetSystemDirectoryW call 64fe0b GetSystemDirectoryW 34->83 45 6bb23c 36->45 37->36 53 6bb1ff-6bb208 call 654963 37->53 48 6bb240-6bb244 45->48 51 6bb246-6bb270 call 639c6e * 3 48->51 52 6bb275-6bb285 call 6a00d9 48->52 51->52 64 6bb28b-6bb2e1 call 6a07c0 call 6a06e6 call 6a05a7 52->64 65 6bb287-6bb289 52->65 53->36 53->52 69 6bb2ee-6bb2f2 64->69 97 6bb2e3 64->97 65->69 71 6bb39a-6bb3be CreateProcessW 69->71 72 6bb2f8-6bb321 call 6911c8 69->72 76 6bb3c1-6bb3d4 call 64fe14 * 2 71->76 87 6bb32a call 6914ce 72->87 88 6bb323-6bb328 call 691201 72->88 103 6bb42f-6bb43d CloseHandle 76->103 104 6bb3d6-6bb3e8 76->104 82->83 105 6bb197-6bb1a0 call 654963 82->105 83->45 96 6bb32f-6bb33c call 654963 87->96 88->96 112 6bb33e-6bb345 96->112 113 6bb347-6bb357 call 654963 96->113 97->69 107 6bb43f-6bb444 103->107 108 6bb49c 103->108 109 6bb3ea 104->109 110 
6bb3ed-6bb3fc 104->110 105->48 105->83 114 6bb451-6bb456 107->114 115 6bb446-6bb44c CloseHandle 107->115 118 6bb4a0-6bb4a4 108->118 109->110 116 6bb3fe 110->116 117 6bb401-6bb42a GetLastError call 63630c call 63cfa0 110->117 112->112 112->113 136 6bb359-6bb360 113->136 137 6bb362-6bb372 call 654963 113->137 123 6bb458-6bb45e CloseHandle 114->123 124 6bb463-6bb468 114->124 115->114 116->117 126 6bb4e5-6bb4f6 call 6a0175 117->126 119 6bb4b2-6bb4bc 118->119 120 6bb4a6-6bb4b0 118->120 127 6bb4be 119->127 128 6bb4c4-6bb4e3 call 63cfa0 CloseHandle 119->128 120->126 123->124 130 6bb46a-6bb470 CloseHandle 124->130 131 6bb475-6bb49a call 6a09d9 call 6bb536 124->131 127->128 128->126 130->131 131->118 136->136 136->137 146 6bb37d-6bb398 call 64fe14 * 3 137->146 147 6bb374-6bb37b 137->147 146->76 147->146 147->147
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BB198
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006BB1B0
                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006BB1D4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BB200
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006BB214
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006BB236
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BB332
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006A05A7: GetStdHandle.KERNEL32(000000F6), ref: 006A05C6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BB34B
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BB366
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006BB3B6
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 006BB407
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006BB439
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB44A
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB45C
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BB46E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006BB4E3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fbcd4d15da32d32acd5aed16244218a580a294d06e01093ecae7739bca5211da
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 061f358cf239928e3d222a195b4a8708563c6a3d05bf3b8eeb254e8ba8d97655
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbcd4d15da32d32acd5aed16244218a580a294d06e01093ecae7739bca5211da
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38F1AF715043409FC764EF24C891BAEBBE2AF85314F14945DF8998B3A2CB71EC85CB96
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 0063D807
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0063DA07
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0063DB28
                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 0063DB7B
                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 0063DB89
                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0063DB9F
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(0000000A), ref: 0063DBB1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00632D07
• RegisterClassExW.USER32(00000030), ref: 00632D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00632D42
• InitCommonControlsEx.COMCTL32(?), ref: 00632D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00632D6F
• LoadIconW.USER32(000000A9), ref: 00632D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00632D94
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915

Control-flow Graph

APIs
  • Part of subcall function 0067039A: CreateFileW.KERNELBASE(00000000,00000000,?,00670704,?,?,00000000,?,00670704,00000000,0000000C), ref: 006703B7
• GetLastError.KERNEL32 ref: 0067076F
• __dosmaperr.LIBCMT ref: 00670776
• GetFileType.KERNELBASE(00000000), ref: 00670782
• GetLastError.KERNEL32 ref: 0067078C
• __dosmaperr.LIBCMT ref: 00670795
• CloseHandle.KERNEL32(00000000), ref: 006707B5
• CloseHandle.KERNEL32(?), ref: 006708FF
• GetLastError.KERNEL32 ref: 00670931
• __dosmaperr.LIBCMT ref: 00670938
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175

Control-flow Graph

APIs
  • Part of subcall function 00633A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00701418,?,00632E7F,?,?,?,00000000), ref: 00633A78
  • Part of subcall function 00633357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00633379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0063356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0067318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006731CE
• RegCloseKey.ADVAPI32(?), ref: 00673210
• _wcslen.LIBCMT ref: 00673277
• _wcslen.LIBCMT ref: 00673286
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 55b364b77043ea12db12bcad9f3223db5cb17bf1bf57ad9b1d8d428e36be771f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3b91fcb4134024bc32fa7091080235036a7b224c861c98d50350febf6473ccac
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55b364b77043ea12db12bcad9f3223db5cb17bf1bf57ad9b1d8d428e36be771f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A71C172404300DEC344DF64DC859ABFBE9FF84350F50892EF549932A2DB789A49CBA9

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00632B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00632B9D
• LoadIconW.USER32(00000063), ref: 00632BB3
• LoadIconW.USER32(000000A4), ref: 00632BC5
• LoadIconW.USER32(000000A2), ref: 00632BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00632BEF
• RegisterClassExW.USER32(?), ref: 00632C40
  • Part of subcall function 00632CD4: GetSysColorBrush.USER32(0000000F), ref: 00632D07
  • Part of subcall function 00632CD4: RegisterClassExW.USER32(00000030), ref: 00632D31
  • Part of subcall function 00632CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00632D42
  • Part of subcall function 00632CD4: InitCommonControlsEx.COMCTL32(?), ref: 00632D5F
  • Part of subcall function 00632CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00632D6F
  • Part of subcall function 00632CD4: LoadIconW.USER32(000000A9), ref: 00632D85
  • Part of subcall function 00632CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00632D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 70a6ade5f7e87c0dab04a9c35a46db45f04d933a73a4c2f420d7392a2f08a599
• Instruction ID: 7225ec861387c3495bc00b9d8ecd0a580b22133e97d11720c2f9b1fe218ff8bf
• Opcode Fuzzy Hash: 70a6ade5f7e87c0dab04a9c35a46db45f04d933a73a4c2f420d7392a2f08a599
• Instruction Fuzzy Hash: 5F212970E00318EBDB109FA5EC59BA9BFF5FB48B54F44811AF504A76A0DBB94540CF98

Control-flow Graph

• Function 00633170 (rendered graph not preserved in this extract). Basic blocks that call APIs: 6331d0-6331d8 (DefWindowProcW), 633201-63320f (KillTimer), 63321d-633244 (SetTimer, RegisterWindowMessageW), 633246-633251 (CreatePopupMenu), 633265-63326d (PostQuitMessage), 672dc6-672dd2 (SetFocus) and 672dd7-672df6 (MoveWindow). Internal calls go to 6318e2, 64e499, 6330f2, 633c50, 63326f, 633837, 690ad7, 69bf30 and 69c161.
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0063316A,?,?), ref: 006331D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0063316A,?,?), ref: 00633204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00633227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0063316A,?,?), ref: 00633232
• CreatePopupMenu.USER32 ref: 00633246
• PostQuitMessage.USER32(00000000), ref: 00633267
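The API lines and the control_flow_graph dump in these listings are plain text, so they can be parsed and rebased onto the original file instead of read by eye: every `ref:` address is a virtual address in the dump loaded at 00630000 (the Offset given in the Memory Dump Source lines), so subtracting that base gives the RVA to jump to in IDA or Ghidra; the 8-hex-digit arguments are raw integers (80000001 passed to RegOpenKeyExW is HKEY_CURRENT_USER, 000002EE passed to SetTimer is a 750 ms period); and the graph text is a flat sequence of basic blocks, the APIs and internal calls inside them, and `A->B` edges. The following Python is an added example, not Joe Sandbox code. Its inputs are excerpts copied from the listings for file.exe, and the image base, the predefined-HKEY table and the line format it assumes are stated in the comments.

```python
"""Parse Joe Sandbox code-analysis listings (API lines and control_flow_graph
dumps) into structured records, rebase the addresses and query the graph.
Added example, not Joe Sandbox code.  Sample inputs are excerpts copied from
the listing for file.exe; the image base comes from 'Offset: 00630000'."""
import re
from collections import deque

IMAGE_BASE = 0x00630000  # "Offset: 00630000" in the Memory Dump Source lines

# Predefined registry key handles from winreg.h (well-known constants).
HKEY_NAMES = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
}

# Excerpt of API lines from the listings above (subcall lines are indented in the report).
API_LINES = r"""
  • Part of subcall function 00633A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00701418,?,00632E7F,?,?,?,00000000), ref: 00633A78
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0063356A
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00633227
• CreatePopupMenu.USER32 ref: 00633246
"""

# Excerpt (first part) of the control_flow_graph dump for function 00633170.
CFG_TEXT = (
    "control_flow_graph 609 633170-633185 610 633187-63318a 609->610 611 6331e5-6331e7 609->611 "
    "613 6331eb 610->613 614 63318c-633193 610->614 611->610 612 6331e9 611->612 "
    "615 6331d0-6331d8 DefWindowProcW 612->615 616 6331f1-6331f6 613->616 "
    "617 672dfb-672e23 call 6318e2 call 64e499 613->617 618 633265-63326d PostQuitMessage 614->618 "
    "619 633199-63319e 614->619 620 6331de-6331e4 615->620 622 6331f8-6331fb 616->622 "
    "623 63321d-633244 SetTimer RegisterWindowMessageW 616->623 652 672e28-672e2f 617->652 "
    "621 633219-63321b 618->621"
)

# Assumed line format: '• [Part of subcall function X: ]Api.MODULE[(args)], ref: addr'
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
HEX_RANGE = re.compile(r"^[0-9a-f]{6}(?:-[0-9a-f]{6})?$")


def parse_api_lines(text):
    """One dict per API line: api, module, args, subcall parent, VA and RVA."""
    recs = []
    for line in text.splitlines():
        m = API_LINE.match(line.strip())
        if not m:
            continue
        args = m.group("args")
        va = int(m.group("ref"), 16)
        recs.append({
            "api": m.group("api"), "module": m.group("mod"),
            "args": args.split(",") if args is not None else [],
            "subcall": m.group("sub"), "va": va,
            "rva": va - IMAGE_BASE,  # offset to use on the original PE at its preferred base
        })
    return recs


def arg_int(arg):
    """Joe prints integer arguments as 8 hex digits; '?' and strings give None."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", arg) else None


def decode_hkey(arg):
    """Map a RegOpenKeyExW hKey argument to its predefined-key name, if it is one."""
    return HKEY_NAMES.get(arg_int(arg), arg)


class Cfg:
    def __init__(self):
        self.entry = None   # first block id in the dump
        self.addr = {}      # block id -> address range (hex string)
        self.apis = {}      # block id -> imported APIs called in the block
        self.calls = {}     # block id -> internal targets ('call <addr>')
        self.succ = {}      # block id -> successor ids in listing order


def parse_cfg(text):
    """Walk the tokens: 'ID addr[-addr]' opens a block, bare names are APIs it
    calls, 'call addr' is an internal call, 'A->B' is an edge."""
    g, cur = Cfg(), None
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    i = 0
    while i < len(toks):
        t = toks[i]
        if "->" in t:
            a, b = t.split("->")
            g.succ.setdefault(a, []).append(b)
        elif t.isdigit() and i + 1 < len(toks) and HEX_RANGE.match(toks[i + 1]):
            cur = t
            g.entry = g.entry or cur
            g.addr[cur], g.apis[cur], g.calls[cur] = toks[i + 1], [], []
            i += 1
        elif t == "call" and cur is not None:
            g.calls[cur].append(toks[i + 1])
            i += 1
        elif cur is not None:
            g.apis[cur].append(t)
        i += 1
    return g


def path_to_api(g, api):
    """Shortest block path from the entry to the first block calling `api`, or None."""
    parent, q = {g.entry: None}, deque([g.entry])
    while q:
        n = q.popleft()
        if api in g.apis.get(n, []):
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for s in g.succ.get(n, []):
            if s not in parent:
                parent[s], _ = n, q.append(s)
    return None


if __name__ == "__main__":
    for r in parse_api_lines(API_LINES):
        extra = ""
        if r["api"] == "RegOpenKeyExW":
            extra = f"  hive={decode_hkey(r['args'][0])} subkey={r['args'][1]}"
        elif r["api"] == "SetTimer":
            extra = f"  period_ms={arg_int(r['args'][2])}"
        print(f"{r['api']:<20} {r['module']:<10} va={r['va']:08X} rva={r['rva']:05X}{extra}")
    g = parse_cfg(CFG_TEXT)
    path = path_to_api(g, "PostQuitMessage")
    print("entry", g.addr[g.entry], "->", " -> ".join(g.addr[n] for n in path))
```

The RVA is what matters when you open the original file.exe rather than the dump: the dump is "based on PE: true" at 00630000, so 0063356A becomes RVA 356A, and the same arithmetic applies to the subcall parents (00633A5A, 00632CD4) listed in the report. The graph walk answers the question the rendered picture was meant to answer, which blocks sit between the entry and a given API call, without needing the image.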
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7434cab24c88b6d489ab1960b5b58691cad307caa2862ff2a66e312a17ec1ead
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f59932527a930ce4fee6fcdb2cb530b76d4dab7970c53c68a670530c93cf1aad
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7434cab24c88b6d489ab1960b5b58691cad307caa2862ff2a66e312a17ec1ead
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E415931600220EBDB141B7CDD1DBBA3A5BEB05350F448229F50A867E1CB7A9F4197E9

Control-flow Graph (interactive graph not reproduced): function at 00631410, basic blocks in the ranges 00631410-006316c6 and 006724b8-00672677. API calls inside the blocks: mciSendStringW, DestroyWindow, UnregisterHotKey, FindClose, FreeLibrary, VirtualFree, CoUninitialize. Internal calls to 0063182e, 006310d0, 00636246, 006a32b1, 0063cfa0, 006a3317, 00631a05, 006319ae, 006a32eb, 0064f80e, 0063988f, 00631944, 0064fdcd, 006317d5, 0064fe14, 0063177c, 006317fe, 006964d4, 0064ac64, 006a3245, 006a32cc, 0063190a, 00631876. The graph's executed / not-executed colouring is not recoverable from the text.
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00631459
• CoUninitialize.COMBASE ref: 006314F8
• UnregisterHotKey.USER32(?), ref: 006316DD
• DestroyWindow.USER32(?), ref: 006724B9
• FreeLibrary.KERNEL32(?), ref: 0067251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0067254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 477010b9f23d0bc62575b8e7c8ea1900e948beac74af1a915dd581f547eb5e44
• Instruction ID: 8c417c83dc779901ac33253be344cb22f0db9cd0f04abca3781e0b5ea036375c
• Opcode Fuzzy Hash: 477010b9f23d0bc62575b8e7c8ea1900e948beac74af1a915dd581f547eb5e44
• Instruction Fuzzy Hash: 51D16B71701212CFDB29EF15C4A5B69F7A6BF06710F1482ADE44A6B352DB30AD12CF94

Control-flow Graph (interactive graph not reproduced): a single basic block 00632c63-00632cd3 that calls CreateWindowExW twice and ShowWindow twice.
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00632C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00632CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00631CAD,?), ref: 00632CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00631CAD,?), ref: 00632CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 4873159ea496f70de9ef52ce7c26476a900b7cc92169ea7641d43232f6b62bb8
• Instruction ID: 3aae6abc2185fe1c4e8f7ff02a0f5b2e019e29dbc4f9494093786e5fb2234d88
• Opcode Fuzzy Hash: 4873159ea496f70de9ef52ce7c26476a900b7cc92169ea7641d43232f6b62bb8
• Instruction Fuzzy Hash: 0CF03A75940390BAEB301B13AC1CE77AEBED7C6F60B40911EF904A25A0CA790840DAB8

Control-flow Graph (interactive graph not reproduced): function at 00633b1c, basic blocks within 00633b1c-00633b9b. RegOpenKeyExW is called in block 00633b30, RegQueryValueExW in block 00633b4a and RegCloseKey in block 00633b80; from the entry and the open block an edge leads to the exit at 00633b99, and from the query block to the close block directly or through the result handling at 00633b6b-00633b7e.
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B40
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B61
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B83
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ed9499d13aa9cdd7b16588dba44700fa309328884904853365b09bc7e09f004c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c7542f1ada71727af1285d1857667be3a8bf1a983cc30c521085867174dd2dcc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed9499d13aa9cdd7b16588dba44700fa309328884904853365b09bc7e09f004c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF112AB5610218FFDB208FA5DC44EEEB7B9EF24754F104459E806D7210D2319E4197A0
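The three API records above are all the report gives for this routine, and reading them by eye is error-prone: the first argument is a raw HKEY constant, the access mask is a raw number, and the value name only appears in the trailing stack slots. The following parser is an added example written for this page, not code from Joe Sandbox or from the analysed sample. It reads records in the format of this listing, keeps only the documented parameter count of each API (the assumption being that the sandbox prints a fixed window of stack slots, so anything past the documented parameters is caller-frame residue), decodes the HKEY root and KEY_* rights from the Win32 constants, and picks value-name candidates out of resolved string slots. The sample input is constructed from the three records above; `PARAM_COUNT`, `hexval` and `registry_summary` are names chosen here, not from the report.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the three API records of the registry-reading
# routine, copied as they appear in the function listing above.
SAMPLE_RECORDS = r"""
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00633B0F,SwapMouseButtons,00000004,?), ref: 00633B83
"""

# One record per line: optional "Part of subcall function X:" prefix,
# API.MODULE, optional "(slot,slot,...)", then "ref: <call address>".
_RECORD = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w@]+)\.(?P<module>[\w.]+)"
    r"(?:\((?P<args>.*)\),?)?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented Win32 parameter counts (assumption: slots past this count are
# caller-frame residue printed by the sandbox, not arguments).
PARAM_COUNT = {"RegOpenKeyExW": 5, "RegQueryValueExW": 6, "RegCloseKey": 1}

HKEY_NAMES = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
    0x80000005: "HKEY_CURRENT_CONFIG",
}

KEY_RIGHTS = [
    (0x0001, "KEY_QUERY_VALUE"), (0x0002, "KEY_SET_VALUE"),
    (0x0004, "KEY_CREATE_SUB_KEY"), (0x0008, "KEY_ENUMERATE_SUB_KEYS"),
    (0x0010, "KEY_NOTIFY"), (0x0020, "KEY_CREATE_LINK"),
]


@dataclass
class ApiCall:
    api: str
    module: str
    args: list          # documented parameters only
    residue: list       # extra stack slots printed after the parameters
    ref: int            # address of the call instruction
    callee: str = None  # set for "Part of subcall function" lines


def hexval(slot: str):
    """Return the integer value of an 8-hex-digit slot, else None ('?' or a string)."""
    return int(slot, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", slot) else None


def is_resolved_string(slot: str) -> bool:
    # A string that happens to be exactly eight hex characters would be
    # misclassified as a raw value; acceptable for triage.
    return slot != "?" and hexval(slot) is None


def parse_records(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = _RECORD.match(line)
        if not m:
            continue  # headings such as "APIs" or "Strings"
        slots = m["args"].split(",") if m["args"] else []
        n = PARAM_COUNT.get(m["api"], len(slots))
        calls.append(ApiCall(m["api"], m["module"], slots[:n], slots[n:],
                             int(m["ref"], 16), m["callee"]))
    return calls


def decode_access(mask: int) -> list:
    return [name for bit, name in KEY_RIGHTS if mask & bit] or [f"0x{mask:X}"]


def registry_summary(calls: list) -> list:
    """Reconstruct, per RegOpenKeyExW, the key opened and the rights asked for.
    Value names come from string slots of the following RegQueryValueExW,
    including its residue, because lpValueName itself is printed unresolved."""
    out, current = [], None
    for c in calls:
        if c.api == "RegOpenKeyExW" and len(c.args) >= 4:
            root = hexval(c.args[0])
            mask = hexval(c.args[3])
            current = {
                "root": HKEY_NAMES.get(root, c.args[0]),
                "subkey": c.args[1],
                "access": decode_access(mask) if mask is not None else ["?"],
                "value_names": [],
                "call_site": f"0x{c.ref:X}",
            }
            out.append(current)
        elif c.api == "RegQueryValueExW" and current is not None:
            for s in c.args[1:2] + c.residue:
                if is_resolved_string(s) and s not in current["value_names"]:
                    current["value_names"].append(s)
        elif c.api == "RegCloseKey":
            current = None  # handle closed; next open starts a new chain
    return out


if __name__ == "__main__":
    for entry in registry_summary(parse_records(SAMPLE_RECORDS)):
        print(entry)
```

On the records above this yields HKEY_CURRENT_USER\Control Panel\Mouse opened with KEY_QUERY_VALUE and the value name SwapMouseButtons, the value Windows sets to "1" when the left and right mouse buttons are swapped; a runtime that simulates mouse input (the head of this report flags the sample as a compiled AutoIt script with mouse-event functionality) has to read it before deciding which button to send. Treat the reconstruction as a triage aid only: the residue-slot heuristic will attach any string left on the caller's stack, so confirm value names against the disassembly before putting them in a detection rule.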
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006733A2
  • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00633A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 63ca6595ba7238bbb2e680d1e3cbbc5dd58617abdd8061c060f380a4ec807254
• Instruction ID: 4897f25b6f1a29ac898f4ec0908ea1dec970d69d84e1f6f588d79f4332631360
• Opcode Fuzzy Hash: 63ca6595ba7238bbb2e680d1e3cbbc5dd58617abdd8061c060f380a4ec807254
• Instruction Fuzzy Hash: 2531D471808320EED765EB20DC45BEBB7DAAB40710F00862EF599832D1EF749649C7CA
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00672C8C
  • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
  • Part of subcall function 00632DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00632DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`eo
• API String ID: 779396738-1816224629
• Opcode ID: ef662feaf277e6b4437925c2780ba8c7209f222ede4c9e42dbc5e54cafce2417
• Instruction ID: c07b7c3189f7ec65cb270d68e22fd0a069d24e1b1ed5b76008203bbe456979b4
• Opcode Fuzzy Hash: ef662feaf277e6b4437925c2780ba8c7209f222ede4c9e42dbc5e54cafce2417
• Instruction Fuzzy Hash: 7E219671A002589BCB41EF94C855BEE7BFAAF49314F008059E505A7341DBB455498FA5
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00650668
  • Part of subcall function 006532A4: RaiseException.KERNEL32(?,?,?,0065068A,?,00701444,?,?,?,?,?,?,0065068A,00631129,006F8738,00631129), ref: 00653304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00650685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2522c6b5a0191ca6a2a055185b4650aef1072d5531cda4e5938a6a82bec3e94b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c84b25492d1bffe24a1742544062b8eb98e83c9d4003f3676a3c24f5528fdbe3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2522c6b5a0191ca6a2a055185b4650aef1072d5531cda4e5938a6a82bec3e94b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFF0223490020D77CB00BBA4D846CAEBB6F5E00341F604478BD14C2692EF71EB6ECA84
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00631BF4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00631BFC
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00631C07
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00631C12
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00631C1A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00631C22
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00631B4A: RegisterWindowMessageW.USER32(00000004,?,006312C4), ref: 00631BA2
                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0063136A
                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00631388
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 006724AB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 45f3ac34942804a71822cd4210e9106dd01260d564eb1b0542e3e2620f9be7af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00229b1b2c6ef596e3f185f9bedf5af9d5d0b99d79192b3f2dbed2e83e0ab5ae
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45f3ac34942804a71822cd4210e9106dd01260d564eb1b0542e3e2620f9be7af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 577199B4911240CEC384DF79AC55A653AE2EB893647D4C32EE04ADB3B1EF384561CF99
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00633923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00633A04
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0069C259
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 0069C261
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0069C270
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1a1ee641f2374e3cb91b5488144e68520c2428164f9f1ef455f95aa2979493af
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bd29a8f041c7487a520b78b928276bf1d83551d9e711582acf9ae2143ff067ae
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a1ee641f2374e3cb91b5488144e68520c2428164f9f1ef455f95aa2979493af
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4231C370904384AFEF228F648855BE7BBEE9B06318F00449ED5DE93241C7745B85CB55
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000,00000000,?,?,006685CC,?,006F8CC8,0000000C), ref: 00668704
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,006685CC,?,006F8CC8,0000000C), ref: 0066870E
                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00668739
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 8e78ad5dc860583b52762d579398bb5461c322530621399c0397a4c4a55046e3
• Instruction ID: c75b2de8eabc29825ec33aeedce3093e92521bd8ebb63bd8280be9222ddf88c6
• Opcode Fuzzy Hash: 8e78ad5dc860583b52762d579398bb5461c322530621399c0397a4c4a55046e3
• Instruction Fuzzy Hash: 88012B326056601ED6746334E846BBE6B4B4B91B78F39031DF919DB3D3EEA08C818194
APIs
• TranslateMessage.USER32(?), ref: 0063DB7B
• DispatchMessageW.USER32(?), ref: 0063DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0063DB9F
• Sleep.KERNELBASE(0000000A), ref: 0063DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00681CC9
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 83d7378d168a54c2337026c78c8466854a15c73d887ca3f8a2bfaef4a8ecafb4
• Instruction ID: 535f4b3bed3aa69004f1e04eee718618648622da6416c40876bd0e4871fabb2b
• Opcode Fuzzy Hash: 83d7378d168a54c2337026c78c8466854a15c73d887ca3f8a2bfaef4a8ecafb4
• Instruction Fuzzy Hash: 25F05E706443409BE730DB60DC89FEA73AEEB45320F504A19E61A871C0DB34A5498B65
APIs
• __Init_thread_footer.LIBCMT ref: 006417F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 78a3024b6f42b1ac39b40657419b13629f5476ae1831e6d7358a03a154d318d2
• Instruction ID: dce47d383e8609279e563d0099bdf1a5ae68f985320d81d5a4ed60d0fc9e8a6f
• Opcode Fuzzy Hash: 78a3024b6f42b1ac39b40657419b13629f5476ae1831e6d7358a03a154d318d2
• Instruction Fuzzy Hash: 80228AB06082019FC754DF14C884B6ABBF2BF86314F148A5DF4968B3A2D771E985CB96
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00633908
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: ac7673c76aab3de14241a9e44894514af69d2306bef5d78d362bc2a68baa677d
• Instruction ID: 285aba2f4573a6f237e2c84740ea943a74c410c7148b3091e4290e953e9c8ea1
• Opcode Fuzzy Hash: ac7673c76aab3de14241a9e44894514af69d2306bef5d78d362bc2a68baa677d
• Instruction Fuzzy Hash: 05317C70604311DFD760DF24D884797BBE9FB49719F00492EF59983380EB75AA44CB96
APIs
• timeGetTime.WINMM ref: 0064F661
  • Part of subcall function 0063D730: GetInputState.USER32 ref: 0063D807
• Sleep.KERNEL32(00000000), ref: 0068F2DE
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f537f62d521216c5f1791161abf5f954c12a567fff0598ef04c7625e97623115
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e2c8731f962f4a28646da2925f6d8cac214fc0ca0e73f2ebc041f035e56e0081
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f537f62d521216c5f1791161abf5f954c12a567fff0598ef04c7625e97623115
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0F08C312402059FD350FF69D449F6AB7EAEF45760F001029E85DC7260DB70A800CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E9C
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00634EAE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E90: FreeLibrary.KERNEL32(00000000,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EC0
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EFD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E62
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00634E74
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00634E59: FreeLibrary.KERNEL32(00000000,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E87
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 74d58ad5def6377864f6ab81d024086810a607b912584bd60183f8c8b72477f0
• Instruction ID: 07885ad875f8ea6c35939e434625c704427fc8f22e00941300ac7bfee9cd0d73
• Opcode Fuzzy Hash: 74d58ad5def6377864f6ab81d024086810a607b912584bd60183f8c8b72477f0
• Instruction Fuzzy Hash: EF11E332600305AACF54BB64DC12FADB7A7AF80711F14842DF546A62C1EE75AE059B98
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: a83003c97e143df8ac1cbc13a7705bde1355b15bb814d88e85f76f515e4cce55
• Instruction ID: 44dfa98a98977f62da1f4757134c5665ab9602e04fa9716e0d324561722f360e
• Opcode Fuzzy Hash: a83003c97e143df8ac1cbc13a7705bde1355b15bb814d88e85f76f515e4cce55
• Instruction Fuzzy Hash: E611187590410AAFCB05DF68E941ADA7BF5EF48314F104199F808AB312DA31DA11CBA5
APIs
  • Part of subcall function 00664C7D: RtlAllocateHeap.NTDLL(00000008,00631129,00000000,?,00662E29,00000001,00000364,?,?,?,0065F2DE,00663863,00701444,?,0064FDF5,?), ref: 00664CBE
• _free.LIBCMT ref: 0066506C
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: 9d14235671bc507db613c92c89d9ea470a23ca653cdded4f527ea7f3ddf0dcf3
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 470126722047056BE3218F65D882A9AFBEAFB89370F25061DE18583280EA30A805C6B4
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 786674cc66fbb580c2f3a248572a95ea5f8e42a992ff8354fbe57f2622c20820
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4F0F932510A109ACB353A758C05B9A379B9F523B3F10071DFC21932D2CB75D50A86AD
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00631129,00000000,?,00662E29,00000001,00000364,?,?,?,0065F2DE,00663863,00701444,?,0064FDF5,?), ref: 00664CBE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9931c266d3430c21f416ab3bfcc0b3759d7322764f7558f700d269894214bb9d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8a3d3d805d2784f527ff0d0ebf09ca1dd8225a5784d5fda4b29cc61226dba573
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9931c266d3430c21f416ab3bfcc0b3759d7322764f7558f700d269894214bb9d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41F0E93160222467DB215F66DC09F9A378BBF817B1F144115FC19E6380CE30D80196E4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a7de8bf769eba6f03fac91513633cbe8d3cd27ba85e67693320586ba11711634
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5d33e22edd8069155fd6e7d9e43bbd6cf5fd2c0be15ff3482d3b0901fe752c9a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7de8bf769eba6f03fac91513633cbe8d3cd27ba85e67693320586ba11711634
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9E0ED31100234AAE7612AA79C05BDA374BAF827B1F09012CBC0693B81CF20DE0283E4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634F6D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3703f1ae5f6e49c71fe0e8297434dbdb388eb8eb90bd211fe0c88b8495f65d58
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a55e132218f5282f75617118b421fbd5873341bdc32a9daf9fc8a56b067ca27
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3703f1ae5f6e49c71fe0e8297434dbdb388eb8eb90bd211fe0c88b8495f65d58
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF03071105751CFDB349F65D490862F7E6EF54329718C9BEE1DA82611CB31A844DF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 006C2A66
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 61795168c2fbdd3e81fc6ddf9105ad511aaa0aa2e3f20cdca81f90817105e524
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5ab21b01609386a9952f4bbac224063de48dbad205781b37956bfddced8a7c9c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61795168c2fbdd3e81fc6ddf9105ad511aaa0aa2e3f20cdca81f90817105e524
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3E0DF32354116AACB50EB74DC90EFA734EEB10390B00403EEC1AC2200EB30899286A4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0063314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f07d8af2193a18e7719026afb1ae284e915338b342e8e503966e6d52b4e167ca
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 07cebef58c6b8f782fb5a55c73fc6716b35934852a18ae0f43a0983f6e75bc5d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f07d8af2193a18e7719026afb1ae284e915338b342e8e503966e6d52b4e167ca
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABF037709143149FE7529B24DC497D5BBFCA701708F0041E9A58896291DB745788CF95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00632DC4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5134d7601c125d75dee388157e7dfb78d6ce37d1b160d306248b2f5c077167be
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bdf6bfa63726ae353a01293c6dc5d2e50c97d95172bf140f51b2ae63a1eacefb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5134d7601c125d75dee388157e7dfb78d6ce37d1b160d306248b2f5c077167be
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CE0CD72A001245BC7109258DC05FEA77DEDFC8790F044075FD0DD7248D964AD808694
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00633837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00633908
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0063D730: GetInputState.USER32 ref: 0063D807
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00632B6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0063314E
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 36143804129eca6a85ddd02271ab02da85aa8df781445f58c8ee99b9d58509eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fe2db42188e3c155be836cabf2a1c84310421a526b1e133c10cccb072e18d050
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36143804129eca6a85ddd02271ab02da85aa8df781445f58c8ee99b9d58509eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50E0863170429446C648BB74A8525BDA79B9BD1365F40153EF146832A2CF74454546D9
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00670704,?,?,00000000,?,00670704,00000000,0000000C), ref: 006703B7
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00631CBC
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 006C961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006C965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 006C969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C96C9
• SendMessageW.USER32 ref: 006C96F2
• GetKeyState.USER32(00000011), ref: 006C978B
• GetKeyState.USER32(00000009), ref: 006C9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006C97AE
• GetKeyState.USER32(00000010), ref: 006C97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C97E9
• SendMessageW.USER32 ref: 006C9810
• SendMessageW.USER32(?,00001030,?,006C7E95), ref: 006C9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 006C992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 006C9941
• SetCapture.USER32(?), ref: 006C994A
• ClientToScreen.USER32(?,?), ref: 006C99AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 006C99BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006C99D6
• ReleaseCapture.USER32 ref: 006C99E1
• GetCursorPos.USER32(?), ref: 006C9A19
• ScreenToClient.USER32(?,?), ref: 006C9A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 006C9A80
• SendMessageW.USER32 ref: 006C9AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 006C9AEB
• SendMessageW.USER32 ref: 006C9B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 006C9B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 006C9B4A
• GetCursorPos.USER32(?), ref: 006C9B68
• ScreenToClient.USER32(?,?), ref: 006C9B75
• GetParent.USER32(?), ref: 006C9B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 006C9BFA
• SendMessageW.USER32 ref: 006C9C2B
• ClientToScreen.USER32(?,?), ref: 006C9C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 006C9CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 006C9CDE
• SendMessageW.USER32 ref: 006C9D01
• ClientToScreen.USER32(?,?), ref: 006C9D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 006C9D82
  • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
• GetWindowLongW.USER32(?,000000F0), ref: 006C9E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F$p#p
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429851547-3138188465
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 44704d2ac5b591f9ad2d7e008839570b7cab23315e4e3c82d1721c08fff1bce5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d6b99af577179a3026abdbe5bb1fda63f46583b455db65072f8ee89aad343d0f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44704d2ac5b591f9ad2d7e008839570b7cab23315e4e3c82d1721c08fff1bce5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9426834204241AFEB24CF25C848FBABBE6EF49320F14461DF699972A1D731E961CB65
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 006C48F3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 006C4908
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 006C4927
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 006C494B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 006C495C
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 006C497B
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 006C49AE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 006C49D4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 006C4A0F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006C4A56
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006C4A7E
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 006C4A97
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006C4AF2
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006C4B20
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C4B94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 006C4BE3
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 006C4C82
                                                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 006C4CAE
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C4CC9
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 006C4CF1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 006C4D13
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C4D33
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 006C4D5A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                            • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f3b95de5bc9007bce5e7bb69681ec17c2c9841d423e09f34de24010b2acd97d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ce6c999fb0f506f0ae865948301dbc6c32a39a9dafa0b45a0c9c6dd719689342
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f3b95de5bc9007bce5e7bb69681ec17c2c9841d423e09f34de24010b2acd97d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5012DE71600214ABEB249F29CC59FFE7BBAEF85320F10412DF51AEA2E1DB749941CB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0064F998
                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0068F474
                                                                                                                                                                                                                                                                                                                                                            • IsIconic.USER32(00000000), ref: 0068F47D
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0068F48A
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0068F494
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0068F4AA
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0068F4B1
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0068F4BD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0068F4CE
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0068F4D6
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0068F4DE
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0068F4E1
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F4F6
• keybd_event.USER32(00000012,00000000), ref: 0068F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F50B
• keybd_event.USER32(00000012,00000000), ref: 0068F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F519
• keybd_event.USER32(00000012,00000000), ref: 0068F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F528
• keybd_event.USER32(00000012,00000000), ref: 0068F52D
• SetForegroundWindow.USER32(00000000), ref: 0068F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0068F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 26c00bf88f65f903a6eb1f9b9ba7f931a4e0c47b45f1ebe5b7536409eb9b54d7
• Instruction ID: 8b66b126e64079651b1dcd9a356553a1b814716678315c5a46ba1c8e7ae4b553
• Opcode Fuzzy Hash: 26c00bf88f65f903a6eb1f9b9ba7f931a4e0c47b45f1ebe5b7536409eb9b54d7
• Instruction Fuzzy Hash: 99318671A40218BFEB206BB55C4AFBF7E6EEB44B60F101026F605E61D1C7B05D11ABA1
APIs
  • Part of subcall function 006916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
  • Part of subcall function 006916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
  • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00691286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006912A8
• CloseHandle.KERNEL32(?), ref: 006912B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006912D1
• GetProcessWindowStation.USER32 ref: 006912EA
• SetProcessWindowStation.USER32(00000000), ref: 006912F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00691310
  • Part of subcall function 006910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006911FC), ref: 006910D4
  • Part of subcall function 006910BF: CloseHandle.KERNEL32(?,?,006911FC), ref: 006910E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Zo
• API String ID: 22674027-784821077
• Opcode ID: cc312eec571319ea68ff5dc95676d0f7880ceef421920ae1e860ee8d01439ae6
• Instruction ID: 67d2b40bded6f2fdea77959f674719716c83961313ccb0e0482560cc162d75d2
• Opcode Fuzzy Hash: cc312eec571319ea68ff5dc95676d0f7880ceef421920ae1e860ee8d01439ae6
• Instruction Fuzzy Hash: 56819F7190020AAFEF119FA4DC49FEE7BFEEF09B14F244119F915AA6A0C7318945CB64
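The three API listings in this section (the keybd_event/AttachThreadInput/SetForegroundWindow function around 0068F501, the LogonUserW/DuplicateTokenEx/OpenWindowStationW/OpenDesktopW function around 00691286, and the GetUserObjectSecurity/AddAce/SetUserObjectSecurity function around 00690BCC) are only readable as a sequence once the calls and their arguments are pulled out of the report lines. The script below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses the report's `• Api.MODULE(args), ref: addr` line format into call records, decodes the access masks and enumerations that appear as raw hex (0x12 in keybd_event is VK_MENU, the Alt key; 00060000 on winsta0 is READ_CONTROL|WRITE_DAC; 00060081 on the default desktop adds DESKTOP_READOBJECTS|DESKTOP_WRITEOBJECTS; the fifth DuplicateTokenEx argument 00000001 is TokenPrimary), and matches three call-chain signatures that are this example's own analyst labels. The sample input is constructed from lines copied out of this report; the chain names, constant tables and helper names (`parse_listing`, `decode_mask`, `match_chains`, `analyze`) are assumptions of the example.

```python
"""Parse Joe Sandbox per-function "APIs" listings and flag known Win32 call chains.

Added example; it is not part of the Joe Sandbox report or of the analysed sample.
SAMPLE_FUNCTIONS is constructed from API lines copied out of this report's three
listings (keyed by each function's first call-site address). The chain signatures,
constant tables and helper names are this example's own assumptions.
"""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Callable, Optional

# One "APIs" line, e.g.
#   • keybd_event.USER32(00000012,00000000), ref: 0068F501
#   • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

@dataclass
class Call:
    api: str
    module: str
    args: tuple[str, ...]
    ref: int                # call-site address; Joe lists by address, not by execution order
    subcall: Optional[str]  # callee address when listed as "Part of subcall function"

def parse_listing(text: str) -> list[Call]:
    calls = []
    for m in filter(None, map(API_LINE.search, text.splitlines())):
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(Call(m.group("api"), m.group("module"), args, int(m.group("ref"), 16), m.group("sub")))
    return calls

def dword(arg: str) -> Optional[int]:
    """Joe prints DWORD arguments as 8 hex digits; '?' or a string argument yields None."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-F]{8}", arg) else None

# Access-mask bits for the objects opened in this listing (winnt.h / winuser.h).
STANDARD = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
WINSTA = {0x1: "WINSTA_ENUMDESKTOPS", 0x2: "WINSTA_READATTRIBUTES", 0x4: "WINSTA_ACCESSCLIPBOARD",
          0x8: "WINSTA_CREATEDESKTOP", 0x10: "WINSTA_WRITEATTRIBUTES", 0x20: "WINSTA_ACCESSGLOBALATOMS",
          0x40: "WINSTA_EXITWINDOWS", 0x100: "WINSTA_ENUMERATE", 0x200: "WINSTA_READSCREEN"}
DESKTOP = {0x1: "DESKTOP_READOBJECTS", 0x2: "DESKTOP_CREATEWINDOW", 0x4: "DESKTOP_CREATEMENU",
           0x8: "DESKTOP_HOOKCONTROL", 0x10: "DESKTOP_JOURNALRECORD", 0x20: "DESKTOP_JOURNALPLAYBACK",
           0x40: "DESKTOP_ENUMERATE", 0x80: "DESKTOP_WRITEOBJECTS", 0x100: "DESKTOP_SWITCHDESKTOP"}

def decode_mask(mask: int, specific: dict[int, str]) -> list[str]:
    return [name for bit, name in sorted({**specific, **STANDARD}.items()) if mask & bit]

def arg_is(index: int, value: str) -> Callable[[Call], bool]:
    return lambda c: len(c.args) > index and c.args[index] == value

def ANY(_: Call) -> bool:
    return True

# Each chain is a set of (api, predicate) requirements that must all be met within one
# function. No execution order is assumed because the listing is in address order.
CHAINS: dict[str, list[tuple[str, Callable[[Call], bool]]]] = {
    "foreground activation via synthetic Alt press and AttachThreadInput": [
        ("keybd_event", arg_is(0, "00000012")),  # 0x12 = VK_MENU (Alt)
        ("AttachThreadInput", ANY), ("SetForegroundWindow", ANY)],
    "interactive logon as another user on winsta0\\default": [
        ("LogonUserW", ANY), ("DuplicateTokenEx", arg_is(4, "00000001")),  # TokenType 1 = TokenPrimary
        ("OpenWindowStationW", arg_is(0, "winsta0")), ("OpenDesktopW", arg_is(0, "default"))],
    "window station / desktop DACL rewrite": [
        ("GetUserObjectSecurity", ANY), ("AddAce", ANY),
        ("SetSecurityDescriptorDacl", ANY), ("SetUserObjectSecurity", ANY)],
}

def match_chains(calls: list[Call]) -> list[str]:
    return [name for name, reqs in CHAINS.items()
            if all(any(c.api == api and pred(c) for c in calls) for api, pred in reqs)]

def opened_object_rights(calls: list[Call]) -> dict[str, list[str]]:
    """Decode the desired-access masks of OpenWindowStationW / OpenDesktopW calls."""
    out = {}
    for c in calls:
        if c.api == "OpenWindowStationW" and len(c.args) > 2 and dword(c.args[2]) is not None:
            out[c.args[0]] = decode_mask(dword(c.args[2]), WINSTA)
        elif c.api == "OpenDesktopW" and len(c.args) > 3 and dword(c.args[3]) is not None:
            out[c.args[0]] = decode_mask(dword(c.args[3]), DESKTOP)
    return out

def analyze(functions: dict[str, str]) -> dict[str, dict]:
    """Per function: matched chains plus decoded rights of any opened window station/desktop."""
    report = {}
    for addr, listing in functions.items():
        calls = parse_listing(listing)
        report[addr] = {"chains": match_chains(calls), "rights": opened_object_rights(calls)}
    return report

# Constructed from this report's API lines (a subset of each function's listing).
SAMPLE_FUNCTIONS = {
    "0068F501": """\
• keybd_event.USER32(00000012,00000000), ref: 0068F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0068F50B
• SetForegroundWindow.USER32(00000000), ref: 0068F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0068F557
""",
    "00691286": """\
  • Part of subcall function 006916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
  • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00691286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006912A8
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006912D1
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00691310
""",
    "00690BCC": """\
  • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00690C6D
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00690D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00690D1E
""",
}

if __name__ == "__main__":
    for addr, result in analyze(SAMPLE_FUNCTIONS).items():
        print(addr, result)
```

Two caveats for using this against a real report. Joe lists calls by call-site address, so a signature must not assume execution order; the chains above therefore require presence, not sequence. And since the report already notes the binary is likely a compiled AutoIt script, these three chains may be the AutoIt runtime's own library code (WRITE_DAC on winsta0 and the default desktop is exactly what the DACL-rewriting function needs in order to grant a freshly logged-on user access to the interactive desktop); a hit is a lead to confirm in the decompiled script's logic, not a verdict on what the script itself does.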
APIs
  • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
  • Part of subcall function 006910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
  • Part of subcall function 006910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
  • Part of subcall function 006910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
  • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00690BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00690C00
• GetLengthSid.ADVAPI32(?), ref: 00690C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00690C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00690C6D
• GetLengthSid.ADVAPI32(?), ref: 00690C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00690C8C
• HeapAlloc.KERNEL32(00000000), ref: 00690C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00690CB4
• CopySid.ADVAPI32(00000000), ref: 00690CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00690CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00690D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00690D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D45
• HeapFree.KERNEL32(00000000), ref: 00690D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D55
• HeapFree.KERNEL32(00000000), ref: 00690D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690D65
• HeapFree.KERNEL32(00000000), ref: 00690D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00690D78
• HeapFree.KERNEL32(00000000), ref: 00690D7F
  • Part of subcall function 00691193: GetProcessHeap.KERNEL32(00000008,00690BB1,?,00000000,?,00690BB1,?), ref: 006911A1
  • Part of subcall function 00691193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00690BB1,?), ref: 006911A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00691193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00690BB1,?), ref: 006911B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8734297409bf20b21cd87233d632060ca43719918f36dfea5e68738ae4cb2fd6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 792acddbdd1a53eb288791d8bd570fc9570ecd1d8557b33e29050b84e6dd6447
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8734297409bf20b21cd87233d632060ca43719918f36dfea5e68738ae4cb2fd6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70714A72A0020AEFEF10DFA5DC44FEEBBBEBF08314F144515E919A6691D771A905CB60
APIs
• OpenClipboard.USER32(006CCC08), ref: 006AEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 006AEB37
• GetClipboardData.USER32(0000000D), ref: 006AEB43
• CloseClipboard.USER32 ref: 006AEB4F
• GlobalLock.KERNEL32(00000000), ref: 006AEB87
• CloseClipboard.USER32 ref: 006AEB91
• GlobalUnlock.KERNEL32(00000000), ref: 006AEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 006AEBC9
• GetClipboardData.USER32(00000001), ref: 006AEBD1
• GlobalLock.KERNEL32(00000000), ref: 006AEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 006AEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 006AEC38
• GetClipboardData.USER32(0000000F), ref: 006AEC44
• GlobalLock.KERNEL32(00000000), ref: 006AEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006AEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AECD2
• GlobalUnlock.KERNEL32(00000000), ref: 006AECF3
• CountClipboardFormats.USER32 ref: 006AED14
• CloseClipboard.USER32 ref: 006AED59
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 72c43d978252b1190be8660c81491d76a84df78745ed0b14901c7ebe020dfa56
• Instruction ID: f2523c48b63f77485bef0c8f15d46cac33fb976c4c33f9ccd11396adfdd15f4d
• Opcode Fuzzy Hash: 72c43d978252b1190be8660c81491d76a84df78745ed0b14901c7ebe020dfa56
• Instruction Fuzzy Hash: FB61AD34204201AFD300EF24D989F7AB7A6EF85724F14951DF45A972A2DB72DD06CFA2
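Reading the listing above: 0000000D, 00000001 and 0000000F are the standard clipboard format constants CF_UNICODETEXT, CF_TEXT and CF_HDROP, and 00000104 is MAX_PATH (260), the per-file buffer length handed to DragQueryFileW. The function therefore collects any text on the clipboard and, when files were copied in Explorer, walks the HDROP list to recover their full paths. The following Python is an added example, not code from the Joe Sandbox report or from the sample, that parses API lines in the report's own "• Api.MODULE(args), ref: ADDR" format and summarizes that behaviour. The CF_* table is from winuser.h; the function names are mine; treating the 000000FF second argument of the first DragQueryFileW call as the 0xFFFFFFFF "return the file count" index is an assumption about how the report renders a byte-sized push -1.

```python
import re
from collections import OrderedDict

# Standard clipboard format constants (CF_*) from winuser.h.
CLIPBOARD_FORMATS = {
    1: "CF_TEXT", 2: "CF_BITMAP", 3: "CF_METAFILEPICT", 4: "CF_SYLK", 5: "CF_DIF",
    6: "CF_TIFF", 7: "CF_OEMTEXT", 8: "CF_DIB", 9: "CF_PALETTE", 10: "CF_PENDATA",
    11: "CF_RIFF", 12: "CF_WAVE", 13: "CF_UNICODETEXT", 14: "CF_ENHMETAFILE",
    15: "CF_HDROP", 16: "CF_LOCALE", 17: "CF_DIBV5",
}
MAX_PATH = 0x104  # 260: the per-file buffer length handed to DragQueryFileW

# One "• Api.MODULE(args), ref: ADDR" line as Joe Sandbox prints it. The "(args)"
# part is optional ("CloseClipboard.USER32 ref: ...") and a "Part of subcall
# function XXXX:" prefix may precede the API name.
LINE_RE = re.compile(
    r"•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def parse_trace(text):
    """Return [(api, module, args, ref)]; args are ints, or None where the report shows '?'."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = (m.group("args") or "").strip()
        args = []
        for a in (raw.split(",") if raw else []):
            a = a.strip()
            args.append(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None)
        calls.append((m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def analyze_clipboard_trace(text):
    """Summarize which clipboard formats a traced function pulls and whether it walks CF_HDROP lists."""
    calls = parse_trace(text)
    apis = {api for api, _, _, _ in calls}
    formats = OrderedDict()          # CF_* values requested, in first-seen order
    counts_dropped_files = False
    reads_dropped_paths = False
    for api, _, args, _ in calls:
        if api in ("IsClipboardFormatAvailable", "GetClipboardData") and args and args[0] is not None:
            formats.setdefault(args[0], CLIPBOARD_FORMATS.get(args[0], "0x%X" % args[0]))
        if api == "DragQueryFileW" and len(args) == 4:
            # iFile == 0xFFFFFFFF asks for the number of files in the HDROP. The report
            # prints 000000FF for that argument; assumption: a byte-encoded "push -1".
            if args[1] in (0xFF, 0xFFFFFFFF):
                counts_dropped_files = True
            if args[3] == MAX_PATH:
                reads_dropped_paths = True
    return {
        "opens_clipboard": "OpenClipboard" in apis,
        "reads_clipboard": "GetClipboardData" in apis,
        "locks_global_data": "GlobalLock" in apis,
        "formats": list(formats.values()),
        "counts_dropped_files": counts_dropped_files,
        "reads_dropped_paths": reads_dropped_paths,
    }


# Constructed sample: the clipboard function's API lines exactly as this report prints them.
SAMPLE_TRACE = """\
• OpenClipboard.USER32(006CCC08), ref: 006AEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 006AEB37
• GetClipboardData.USER32(0000000D), ref: 006AEB43
• CloseClipboard.USER32 ref: 006AEB4F
• GlobalLock.KERNEL32(00000000), ref: 006AEB87
• CloseClipboard.USER32 ref: 006AEB91
• GlobalUnlock.KERNEL32(00000000), ref: 006AEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 006AEBC9
• GetClipboardData.USER32(00000001), ref: 006AEBD1
• GlobalLock.KERNEL32(00000000), ref: 006AEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 006AEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 006AEC38
• GetClipboardData.USER32(0000000F), ref: 006AEC44
• GlobalLock.KERNEL32(00000000), ref: 006AEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006AEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006AECD2
• GlobalUnlock.KERNEL32(00000000), ref: 006AECF3
• CountClipboardFormats.USER32 ref: 006AED14
• CloseClipboard.USER32 ref: 006AED59
"""

if __name__ == "__main__":
    for key, value in analyze_clipboard_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On this record the summary reports the three formats in the order CF_UNICODETEXT, CF_TEXT, CF_HDROP plus both DragQueryFileW modes (count, then per-file path into a MAX_PATH buffer). The same parser can be pointed at any other function record in the report; an unknown format value is shown as its hex number rather than guessed.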
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 006A69BE
• FindClose.KERNEL32(00000000), ref: 006A6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006A6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006A6A75
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 006A6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 006A6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 137c3f431c91d4d77b0f83252baf2ca925c3c9dd8baac43cf90a87d9ac839ed3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8823fb1a760c9164859259d8e6b3cfcfcf6c87d3cd938c9a7019691847a57416
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 137c3f431c91d4d77b0f83252baf2ca925c3c9dd8baac43cf90a87d9ac839ed3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CD174B2508300AFC754EBA4C885EABB7EDEF89704F04491DF585D7291EB74DA04CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006A9663
                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 006A96A1
                                                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 006A96BB
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A96D3
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A96DE
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 006A96FA
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A974A
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(006F6B7C), ref: 006A9768
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 006A9772
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A977F
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A978F
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f2e436552b89c8e7ff428ec3ad7a4aabb92e1777b2df654561ae35e69034ae31
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 79206b1618fb39e1e1fdaa2878d38b340883de2a538f43778e866d3463983663
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2e436552b89c8e7ff428ec3ad7a4aabb92e1777b2df654561ae35e69034ae31
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A431A2325402196EDB14EFB4EC59EEE77AEDF4A321F204155F919E2190DB34DE448E34
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006A97BE
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A9819
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A9824
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 006A9840
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 006A9890
                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(006F6B7C), ref: 006A98AE
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 006A98B8
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A98C5
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 006A98D5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0069DB00
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 025a5e82d247093eb4659b4bfc4f661e4e303da90f472d09d47e5f5ae5cfa06f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 417ce41f789676fe01c04ba9426309303046d96417fc66176afe1f261bbf8be7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 025a5e82d247093eb4659b4bfc4f661e4e303da90f472d09d47e5f5ae5cfa06f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C03190315006196EDB10EFA4EC48EEE77BE9F47320F2445A9E918A2291DB38DE458F74
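The two records above share one shape: FindFirstFileW on "*.*", then SetCurrentDirectoryW into each hit, FindNextFileW, FindClose and a SetCurrentDirectoryW back, which is how a function walks a directory tree one level at a time. The second record additionally reaches CreateFileW through a subcall with resolved numeric arguments. The following Python helper is an added example, not code from the Joe Sandbox report, the sample, or the AutoIt runtime: it parses "APIs" lines in the format shown above, checks for that walk pattern, and decodes the numeric CreateFileW arguments against the Win32 constants. The regular expression for the line format and the walk-pattern heuristic are my assumptions; the API lines embedded below are copied from the second record.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The lines below are copied from the "APIs" list of the function record
# above (Joe Sandbox function analysis of file.exe); everything else in this
# block is an added example and is not part of the report or the sample.
SAMPLE_APIS = """\
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006A97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 006A9819
• FindClose.KERNEL32(00000000), ref: 006A9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 006A9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A9890
• SetCurrentDirectoryW.KERNEL32(006F6B7C), ref: 006A98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006A98B8
• FindClose.KERNEL32(00000000), ref: 006A98C5
• FindClose.KERNEL32(00000000), ref: 006A98D5
  • Part of subcall function 0069DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0069DB00
"""

# Line shape assumed from the report text: "<api>.<module>(<args>), ref: <addr>",
# optionally prefixed with "Part of subcall function <addr>:" and, for CRT
# entries such as "_wcslen.LIBCMT ref: ...", without an argument list.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class Call:
    api: str
    module: str
    args: tuple             # raw argument strings; "?" means not resolved statically
    ref: int                # address of the call site
    subcall: Optional[int]  # callee address when the line is "Part of subcall function"


def parse_apis(text: str) -> list:
    """Parse the bullet lines of an 'APIs' list into Call records."""
    calls = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16),
                          int(m["sub"], 16) if m["sub"] else None))
    return calls


def walks_directory_tree(calls) -> bool:
    """True when FindFirstFileW("*.*") is followed, in call-site order, by
    SetCurrentDirectoryW, FindNextFileW and FindClose: the shape of a walk
    that enters each subdirectory it finds (heuristic, subcalls excluded)."""
    own = sorted((c for c in calls if c.subcall is None), key=lambda c: c.ref)
    start = next((i for i, c in enumerate(own)
                  if c.api == "FindFirstFileW" and c.args[:1] == ("*.*",)), None)
    if start is None:
        return False
    want = ["SetCurrentDirectoryW", "FindNextFileW", "FindClose"]
    for c in own[start + 1:]:
        if want and c.api == want[0]:
            want.pop(0)
    return not want


# Win32 constant tables (subset) used to decode CreateFileW arguments.
ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
          0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAGS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
         0x04000000: "FILE_FLAG_DELETE_ON_CLOSE", 0x40000000: "FILE_FLAG_OVERLAPPED",
         0x80000000: "FILE_FLAG_WRITE_THROUGH"}


def _bits(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def decode_create_file(call: Call) -> dict:
    """Decode dwDesiredAccess, dwShareMode, dwCreationDisposition and
    dwFlagsAndAttributes of a CreateFileW call whose values were resolved."""
    if call.api != "CreateFileW" or len(call.args) < 7:
        raise ValueError("not a fully listed CreateFileW call")
    if any(a == "?" for a in call.args[1:6]):
        raise ValueError("CreateFileW arguments not resolved statically")
    access, share, _sec, disp, flags = (int(a, 16) for a in call.args[1:6])
    return {"access": _bits(access, ACCESS), "share": _bits(share, SHARE),
            "disposition": DISPOSITION.get(disp, hex(disp)), "flags": _bits(flags, FLAGS)}


if __name__ == "__main__":
    calls = parse_apis(SAMPLE_APIS)
    print("directory walk:", walks_directory_tree(calls))
    for c in calls:
        if c.api == "CreateFileW":
            print("CreateFileW opens with", decode_create_file(c))
```

On the copied record the walk check is positive, and the subcall's CreateFileW decodes to GENERIC_WRITE, FILE_SHARE_READ, OPEN_EXISTING with FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, that is, an existing file or directory opened for writing. The check is only a shape heuristic over static call sites; confirm with the decompiled function before drawing conclusions about what the walk does to each entry.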
APIs
  • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BC9F1
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA68
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 006BBFA9
• RegCloseKey.ADVAPI32(00000000), ref: 006BBFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 006BC02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 006BC0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 006BC23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006BC2E3
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 006BC382
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BC38F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af48bc4eac629420bc2ea367eca551942ef0a2520cfa513cf3f0e2596b070299
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3bedabb73069f2f6c006ece26724af19137115df8557319eeb143c9eb546d7b7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af48bc4eac629420bc2ea367eca551942ef0a2520cfa513cf3f0e2596b070299
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F026EB16042009FD714DF28C895E6AB7E6EF89314F18849DF44ADB3A2DB31ED45CB91
APIs
• GetLocalTime.KERNEL32(?), ref: 006A8257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 006A8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006A8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006A8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006A838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 689d92a18364b58ca84c54f96afa32d3e6aa7e5fabd29c9011568ac574852c16
• Instruction ID: e3ab84d0803f6b6ec73c8aa29243d6e1850db16474780aca5fd8a06872946a08
• Opcode Fuzzy Hash: 689d92a18364b58ca84c54f96afa32d3e6aa7e5fabd29c9011568ac574852c16
• Instruction Fuzzy Hash: AF6159725043059FCB50EF60C8409AEB3EABF89320F04891EF98997251DB35ED45CF96
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069E199: GetFileAttributesW.KERNEL32(?,0069CF95), ref: 0069E19A
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0069D122
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0069D1DD
                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0069D1F0
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0069D20D
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0069D237
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0069D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0069D21C,?,?), ref: 0069D2B2
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0069D253
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0069D264
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006916C3: GetLastError.KERNEL32 ref: 0069174A
                                                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0069E932
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 006B1276
• WSAGetLastError.WSOCK32 ref: 006B1283
• bind.WSOCK32(00000000,?,00000010), ref: 006B12BA
• WSAGetLastError.WSOCK32 ref: 006B12C5
• closesocket.WSOCK32(00000000), ref: 006B12F4
• listen.WSOCK32(00000000,00000005), ref: 006B1303
• WSAGetLastError.WSOCK32 ref: 006B130D
• closesocket.WSOCK32(00000000), ref: 006B133C
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
APIs
  • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
  • Part of subcall function 0069E199: GetFileAttributesW.KERNEL32(?,0069CF95), ref: 0069E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0069D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0069D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0069D481
• FindClose.KERNEL32(00000000), ref: 0069D498
• FindClose.KERNEL32(00000000), ref: 0069D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cdae9be50fb771ad963ce67df1a4a37cc8ae1f75f63beaf8738d01371185076d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 80bb7f84c74e7706707749613ac310b28ab483730eb3b29cb74978ea8049637a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdae9be50fb771ad963ce67df1a4a37cc8ae1f75f63beaf8738d01371185076d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 233180710083859FC744EF64D8918AFB7EEAE91710F444E2DF4D593291EB30AA09DBA7
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 394d06717f5209dc2950c209544e15646a25e54c85a5686582eeb882cb14e821
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 78f5f296f8f5d69b5852b3ccadfebfd4fc7e0e54c9e3f9d64b417092e3921666
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 394d06717f5209dc2950c209544e15646a25e54c85a5686582eeb882cb14e821
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94C26B71E086288FDB65CF28DD407EAB7B6EB48305F1441EAD84EE7241E775AE858F40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A64DC
                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 006A6639
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(006CFCF8,00000000,00000001,006CFB68,?), ref: 006A6650
                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 006A68D4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e6d7035b0c2b68d35bf729426309ce69f8f6f0ba53bc58fdff55da427d564c2e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 840df65eca232902ba1fc3673c4cf2fe1863c3c4b5e0944315809551cc1ce56f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6d7035b0c2b68d35bf729426309ce69f8f6f0ba53bc58fdff55da427d564c2e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69D13971508201AFD354EF24C881E6BB7EAFF95704F04496DF5958B2A1EB70ED05CBA2
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 006B22E8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006AE4EC: GetWindowRect.USER32(?,?), ref: 006AE504
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006B2312
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 006B2319
                                                                                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 006B2355
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 006B2381
                                                                                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006B23DF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 6bcaf4193dd488c266be28b63a14ca1ec5a5b7f595fb436389a67f12da666cc0
• Instruction ID: 498a445655595eaf14a3fdd775bc022719ae3624af83a598b68cd4ca1156ef50
• Opcode Fuzzy Hash: 6bcaf4193dd488c266be28b63a14ca1ec5a5b7f595fb436389a67f12da666cc0
• Instruction Fuzzy Hash: 5631A1B25043169BDB20DF54C849FABB7EAFF84314F00091DF58997191D735E949CB92
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 006A9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 006A9C8B
  • Part of subcall function 006A3874: GetInputState.USER32 ref: 006A38CB
  • Part of subcall function 006A3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006A3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 006A9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 006A9C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 33c70f91ddcfdc13928048b7a0f4baabca1a52a1fc99e370c770020737224354
• Instruction ID: d3c607947e202a06e5e0e9d55eb8f05a310310185c4203731537a92115e8c609
• Opcode Fuzzy Hash: 33c70f91ddcfdc13928048b7a0f4baabca1a52a1fc99e370c770020737224354
• Instruction Fuzzy Hash: EC4183719046199FDF54EFA4CC49AEE7BB6EF06310F244159F805A2291DB309E44CFB4
APIs
  • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00649A4E
• GetSysColor.USER32(0000000F), ref: 00649B23
• SetBkColor.GDI32(?,00000000), ref: 00649B36
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 2f9eca60250f6e0b61c166e7f048b310a09d689afcfa5e5a17cf4e07e08e039a
• Instruction ID: 24e3f4d327f549f0fd39a5e12553b35da3616382968f5770b3b40d3065df0a5d
• Opcode Fuzzy Hash: 2f9eca60250f6e0b61c166e7f048b310a09d689afcfa5e5a17cf4e07e08e039a
• Instruction Fuzzy Hash: 38A1F970148454EEE729BA3C8C98EFB269FDB42350B25431DF502D6791CA25DD82D37A
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006B304E: _wcslen.LIBCMT ref: 006B309B
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 006B185D
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006B1884
                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 006B18DB
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006B18E6
                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 006B1915
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 006982AA
Strings
Similarity
• API ID: lstrlen
• String ID: ($tbo$|
• API String ID: 1659193697-2343487118
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0069AAAC
• SetKeyboardState.USER32(00000080), ref: 0069AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0069AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0069AB88
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1cb82b96ba282929649095405798940d22583f4fe6eb26712cc5efac9f3f2d6d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8e752b42933bfef0ba15b44d9c6afcdae9f9589767abda2adf9654a809cd4f6a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cb82b96ba282929649095405798940d22583f4fe6eb26712cc5efac9f3f2d6d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6310930A40248AFEF358BA9CC05BFA77EFAB44320F04421AE5C556AD4D7749981C7E6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066BB7F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32 ref: 0066BB91
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0070121C,000000FF,?,0000003F,?,?), ref: 0066BC09
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,00701270,000000FF,?,0000003F,?,?,?,0070121C,000000FF,?,0000003F,?,?), ref: 0066BC36
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 806657224-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ccf448a8f344c4da393cc3a96346e1408d73ebf7581a5deef6d81e6eb03a4098
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d380de69c49a886e4269c5af279c55de746a6ea8f80fdb6dace59a030cb9ac0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ccf448a8f344c4da393cc3a96346e1408d73ebf7581a5deef6d81e6eb03a4098
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B31CD71A04245DFCB11DF69CC8087DBBBAFF55760B1492AAE064EB3A1DB309E81CB54
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 006ACE89
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 006ACEEA
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 006ACEFE
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f5f3ab162f6048a8ceb610abee09ebe0a6d78b00963c450ec37cb9d60aa04218
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3943683fd7bbffa7e07c55b87dea271796f03de7cc08c7b275d53e01b74c979e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5f3ab162f6048a8ceb610abee09ebe0a6d78b00963c450ec37cb9d60aa04218
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5219DB1500705AFEB20EF65C948BA677FAEF42364F10442EE64692251E774EE09CFA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 006A5CC1
                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 006A5D17
                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 006A5D5F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b7a065724cccb17cd73eb0585f326d118f57ad40dd2fa6079f1a2cce4559498d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5063774f6e5af436a536ff5909b931377ba2fb66152fd59e6eacb43139addf34
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7a065724cccb17cd73eb0585f326d118f57ad40dd2fa6079f1a2cce4559498d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8519A74604A019FC714EF28C494EAAB7E6FF4A324F14855DE99A8B3A1CB30ED05CF95
                                                                                                                                                                                                                                                                                                                                                            APIs
• IsDebuggerPresent.KERNEL32 ref: 0066271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00662724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00662731
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 39a46545a31bc3bd4b3f35650f188db1ab2d9ae50f4648436d5b4a2be0237f40
• Instruction ID: b6b62b22d15a446c2cb29286d45835308533a68c7a372ebd21067b156e727d04
• Opcode Fuzzy Hash: 39a46545a31bc3bd4b3f35650f188db1ab2d9ae50f4648436d5b4a2be0237f40
• Instruction Fuzzy Hash: D931D47490121DABCB61DF68DC88BDCBBB9AF08310F5041EAE80CA7261E7309F858F44
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006A51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006A5238
• SetErrorMode.KERNEL32(00000000), ref: 006A52A1
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 3cbccf0d3364c012f496ebb1eaf3601d23d4182c6b2c234d49bda9cab13d1325
• Instruction ID: 98140618dc40d7b1427caa9e06c32cc2c0080d95679f3ab2310fdafbfed6d798
• Opcode Fuzzy Hash: 3cbccf0d3364c012f496ebb1eaf3601d23d4182c6b2c234d49bda9cab13d1325
• Instruction Fuzzy Hash: F4312B75A00518DFDB00DF55D884EADBBB6FF49314F088099E80AAB362DB31ED56CB90
APIs
  • Part of subcall function 0064FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00650668
  • Part of subcall function 0064FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00650685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0069170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0069173A
• GetLastError.KERNEL32 ref: 0069174A
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 8275c5fbd34d07484e8383992e4569624d57632fd910e010213c460ec68ae65f
• Instruction ID: 4a00ee551eb3b95209e696105e6c7e34dcf6f3768fedc0d447525017bd21ec22
• Opcode Fuzzy Hash: 8275c5fbd34d07484e8383992e4569624d57632fd910e010213c460ec68ae65f
• Instruction Fuzzy Hash: C511C1B2900305AFE7189F54EC86D6AB7BEEF04724B24852EE0565B641EB70BC428B24
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0069D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0069D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0069D650
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0069168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006916A1
• FreeSid.ADVAPI32(?), ref: 006916B1
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0068D28C
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.$p#p
• API String ID: 0-30852625
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 006A6918
• FindClose.KERNEL32(00000000), ref: 006A6961
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 6c6d41885a24a09d7ed314eb08f2106dd06f875b74152ee66e9ba5a175bc4c5d
• Instruction ID: 7b72781c792d83b889bba65911e5b17b25387c427b6263b0e730c7e03a2ed717
• Opcode Fuzzy Hash: 6c6d41885a24a09d7ed314eb08f2106dd06f875b74152ee66e9ba5a175bc4c5d
• Instruction Fuzzy Hash: 0C117F756042019FC710DF29D484A16BBE6EF85328F18C69DF4698B7A2CB34EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,006B4891,?,?,00000035,?), ref: 006A37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,006B4891,?,?,00000035,?), ref: 006A37F4
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 2fbc23cd2f4db2f680d69e24bb4a145cbb30ee3bb7cbef32284a9c5d7ee9bbe6
• Instruction ID: 62266579c2929837fed518eb25a5ebde1b04df6377ad3db22863d4d37d03767b
• Opcode Fuzzy Hash: 2fbc23cd2f4db2f680d69e24bb4a145cbb30ee3bb7cbef32284a9c5d7ee9bbe6
• Instruction Fuzzy Hash: 77F0E5B16043282AE76067669C4DFEB3AAFEFC6771F000165F50DD2281D9A09D44CAB4
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0069B25D
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0069B270
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 2c50d5b5ab4baec2e90383179be697e87d29fc3f1b32903d775f1de7e34a6251
• Instruction ID: 6c19522dfa1e990bdaf46c950c2807d6c659f7f058bd6ee825c7d5b18600f41d
• Opcode Fuzzy Hash: 2c50d5b5ab4baec2e90383179be697e87d29fc3f1b32903d775f1de7e34a6251
• Instruction Fuzzy Hash: F5F01D7180424DABDF059FA0D805BFE7BB5FF04315F00901AF955A5191C37996119F94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006911FC), ref: 006910D4
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,006911FC), ref: 006910E9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00666766,?,?,00000008,?,?,0066FEFE,00000000), ref: 00666998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 006AEABD
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006503EE), ref: 006509DA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d23b7b77322a9305e16b42764d9a0a3d73d24158059411cb44c55e3c2bef5d21
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3518B7161C7055BDB388568B85D7FE638B9B12303F18052EDC82D7782CA15EE0ED36A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0&p
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1223806618
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d3c38111ef881a3099e0e8c7b45a58cd46f41db91b859377ca6bee7aecea5762
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 513c864fbd48db3ffdaee5d3d25c76a1c18fc802c6c2e2947b5bea8cd0c14ef5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3c38111ef881a3099e0e8c7b45a58cd46f41db91b859377ca6bee7aecea5762
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8721BB326605118BD728CF79C82367E73E5A754310F15862EE4A7C37D1DE7AAD04CB84
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 29f0f091381353cb008fec1b346e71f247c6decc5bf8a4ae90bb1317535b4eec
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ff60b1ee2491632fa3c3a711706edea957f86731c8dbd0356c58fc34d9c48f0e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29f0f091381353cb008fec1b346e71f247c6decc5bf8a4ae90bb1317535b4eec
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F132F321D2AF424DD7239634D832335A78AAFB73D9F15D737E81AB5AA5EF29C4834100
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d9184158a167693b14b0fce408746b38bd639920b2a78a4a1147bacd2b964b48
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9536410e947d8483c57790e0602e42f95e70f96a0ad55680483bb0af024981a5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9184158a167693b14b0fce408746b38bd639920b2a78a4a1147bacd2b964b48
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67320631A001158BDF28EF29C4D46FD7BA3EF45330F28866AD95A9B791D230DD82DB61
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09e17fe434c454655b4e1b086471a3f7560120375f3cedcac584296cec38a67a
• Instruction ID: 0632a8bf3a6338f8261a7d38bf35dff989a460423af42d10d2612158f292ec2c
• Opcode Fuzzy Hash: 09e17fe434c454655b4e1b086471a3f7560120375f3cedcac584296cec38a67a
• Instruction Fuzzy Hash: E522A0B0A0460ADFDF14CF64C881AEEB7F7FF44300F248569E816A7291EB75A915CB94
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fa1d015054f91e12426a561dafc3dca82eac379197b672a808433eb309e29a6c
• Instruction ID: 9eae5ee2b6ba687e145a3fa6cea9e115b560b865d15c2880c9da329c2d132c45
• Opcode Fuzzy Hash: fa1d015054f91e12426a561dafc3dca82eac379197b672a808433eb309e29a6c
• Instruction Fuzzy Hash: E002B7B1E00115EBDB05DF54D881AAEB7B6FF48300F1081A9E81A9B391EB71AA15CFD5
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0acc58effc8c6a64f963a4289d4d638eb0ceff23506042c41f5c2b3babd82c8d
• Instruction ID: e4a5cc92f2aeb25f8f5c48066b0d1c444ab8421d8bb74bd6e80f7a4e240ee57c
• Opcode Fuzzy Hash: 0acc58effc8c6a64f963a4289d4d638eb0ceff23506042c41f5c2b3babd82c8d
• Instruction Fuzzy Hash: 42B1F220D2AF914DC72396398931336B75DAFBB6D5F52E31BFC1674E22EB2285834141
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction ID: b4b97d3ad94721a2d46c30eaaa554e2668f3c102477ed5889079a7ba43a7ea68
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: D49177725080A34ADB29463985356BDFFF25E533A3B1A079DDCF2CE2C1EE14895DD620
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction ID: dc4f26612c77220b4079d945440d6d8e6c62f79ec80f6e750546735a87f37f38
• Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
• Instruction Fuzzy Hash: 0A9154726090A34ADB694239847417EFFE35A933A3B1A079DDCF2CF2C5EE24855CD620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: aebdf2603426cb55d6e97aa0f7bebe88cb11576f94e185e20afce4bcfc84ca92
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 059158726090A34ADB2E427A85741BDFFE25A933A3B1A079DD8F2CE2C1FD14C55DD620
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 22f31321085f2d1d5f0504d7194d6183e1b27e4f5230b980a876a7271cee3434
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d5ef151b7162fdea43fe959d4643688ad026d66c4db2b009089b763414817906
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22f31321085f2d1d5f0504d7194d6183e1b27e4f5230b980a876a7271cee3434
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4061567160870A5BEA349E28BD95BFE239BDF51303F14091DEC42DB381DA11AE4EC319
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ddeb0fa200a1d3638e60433a36ef8467ac530647c7f50d8998cb333256452201
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 503a420fa969d302496b2dc1bb487af6f8ffbc59b354f9838333583088260557
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddeb0fa200a1d3638e60433a36ef8467ac530647c7f50d8998cb333256452201
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05616C7120870956DF384A28B856BFE23A7DF41703F100B5DED83DB781EA129D4F8255
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1e1664daae0e2f7a0e984136cd22b3668cfd9eac30c9896fc8cd902865f86fdc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E8168725090A30ADB6D423D85345BEFFE35A933A3B1A079DD8F2CE2C1EE14995CD620
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09b796994cc871c10740f903d30b31af95d0201841980562cb505568f50e904e
• Instruction ID: 309ed1e2638fe42e45edf1b1522a0eba305a25bbbccb1a16a01122b03251cc02
• Opcode Fuzzy Hash: 09b796994cc871c10740f903d30b31af95d0201841980562cb505568f50e904e
• Instruction Fuzzy Hash: 4541D4D288EAD09FDB038B306C68968BFA0AD6755878E82DFD0854B097F351410DC766
APIs
• DeleteObject.GDI32(00000000), ref: 006B2B30
• DeleteObject.GDI32(00000000), ref: 006B2B43
• DestroyWindow.USER32 ref: 006B2B52
• GetDesktopWindow.USER32 ref: 006B2B6D
• GetWindowRect.USER32(00000000), ref: 006B2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 006B2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 006B2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2CF8
• GetClientRect.USER32(00000000,?), ref: 006B2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 006B2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D80
• GlobalLock.KERNEL32(00000000), ref: 006B2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2D98
• GlobalUnlock.KERNEL32(00000000), ref: 006B2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2DA8
• GlobalFree.KERNEL32(00000000), ref: 006B2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,006CFC38,00000000), ref: 006B2DDB
• GlobalFree.KERNEL32(00000000), ref: 006B2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 006B2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 006B2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006B303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: b78296d226f6c3f44f9d199e6a13ae676ef74f145ac2f728c7a86ec181c922b7
• Instruction ID: 072c78e61c9f61140392b7be9d73a54ce29b526ec661cb75f7320987a0f940a2
• Opcode Fuzzy Hash: b78296d226f6c3f44f9d199e6a13ae676ef74f145ac2f728c7a86ec181c922b7
• Instruction Fuzzy Hash: 61027EB1900215EFDB14DF65CD89EAE7BBAEF48320F049158F919AB2A1CB749D41CB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 006C712F
• GetSysColorBrush.USER32(0000000F), ref: 006C7160
• GetSysColor.USER32(0000000F), ref: 006C716C
• SetBkColor.GDI32(?,000000FF), ref: 006C7186
• SelectObject.GDI32(?,?), ref: 006C7195
• InflateRect.USER32(?,000000FF,000000FF), ref: 006C71C0
• GetSysColor.USER32(00000010), ref: 006C71C8
• CreateSolidBrush.GDI32(00000000), ref: 006C71CF
• FrameRect.USER32(?,?,00000000), ref: 006C71DE
• DeleteObject.GDI32(00000000), ref: 006C71E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 006C7230
• FillRect.USER32(?,?,?), ref: 006C7262
• GetWindowLongW.USER32(?,000000F0), ref: 006C7284
  • Part of subcall function 006C73E8: GetSysColor.USER32(00000012), ref: 006C7421
  • Part of subcall function 006C73E8: SetTextColor.GDI32(?,?), ref: 006C7425
  • Part of subcall function 006C73E8: GetSysColorBrush.USER32(0000000F), ref: 006C743B
  • Part of subcall function 006C73E8: GetSysColor.USER32(0000000F), ref: 006C7446
  • Part of subcall function 006C73E8: GetSysColor.USER32(00000011), ref: 006C7463
  • Part of subcall function 006C73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 006C7471
  • Part of subcall function 006C73E8: SelectObject.GDI32(?,00000000), ref: 006C7482
  • Part of subcall function 006C73E8: SetBkColor.GDI32(?,00000000), ref: 006C748B
  • Part of subcall function 006C73E8: SelectObject.GDI32(?,?), ref: 006C7498
  • Part of subcall function 006C73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 006C74B7
  • Part of subcall function 006C73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006C74CE
  • Part of subcall function 006C73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 006C74DB
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0db11d5a00d3f6eee0d17eb3bf491da05e2feab547c99207dd4a8e10046e9ba6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 94847ca6c16af5c8802ca6e6d012ec5cf95e40eaa5e47c1987609be2c829a90a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0db11d5a00d3f6eee0d17eb3bf491da05e2feab547c99207dd4a8e10046e9ba6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FFA1AC72008301AFDB009F64DC48EBBBBAAFB89330F141A19F966961E1D735E945CF51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00648E14
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00686AC5
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00686AFE
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00686F43
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00648F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00648BE8,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648FC5
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00686F7F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00686F96
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00686FAC
                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00686FB7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ac1baf230503fe8b54d6a5d9ed16fd59e481de63f695eb109cd3a316c8971cd9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 60aa024406804eaaa2d94049fb86f15fb410ebbf5dbaa1990e04ce6ce054ad59
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac1baf230503fe8b54d6a5d9ed16fd59e481de63f695eb109cd3a316c8971cd9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C12AC30604241DFDB25EF24C848BAABBE3FF44310F548669F5898B261CB31EC92DB95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 006B273E
                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006B286A
                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 006B28A9
                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 006B28B9
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 006B2900
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 006B290C
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 006B2955
                                                                                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006B2964
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 006B2974
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 006B2978
                                                                                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 006B2988
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006B2991
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 006B299A
                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006B29C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 006B29DD
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 006B2A1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006B2A31
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 006B2A42
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 006B2A77
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 006B2A82
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 006B2A8D
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 006B2A97
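The call list above is the raw material an analyst triages by hand: the second argument of each CreateWindowExW is the window class name, and the classes "AutoIt v3" and "msctls_progress32" are what the AutoIt v3 runtime registers for its script-loading dialog, which is the evidence behind the "likely a compiled AutoIt script" verdict. As an added example, not part of the Joe Sandbox report or its tooling, the Python below parses API lines in this report format into per-function records (keeping subcall attribution and the ref address), counts calls per module, and flags records that create the AutoIt window classes. The embedded sample is a shortened copy of the two records above (argument lists trimmed); treating the "APIs" heading as the record separator is an assumption taken from the report layout.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Shortened copy of the two function records shown in the report above.
# Argument lists were trimmed for readability; line shapes are unchanged.
SAMPLE_REPORT = """\
APIs
• DestroyWindow.USER32(?,?), ref: 00648E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00686AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00686AFE
  • Part of subcall function 00648F62: InvalidateRect.USER32(?,00000000,00000001), ref: 00648FC5
Strings
Memory Dump Source
APIs
• DestroyWindow.USER32(00000000), ref: 006B273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006B286A
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 006B2900
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 006B2955
• GetStockObject.GDI32(00000011), ref: 006B2974
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 006B2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006B2A31
"""

# One API line: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE(arg,arg,...), ref: ADDRESS
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Za-z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Window classes the AutoIt v3 runtime creates for its loading dialog
# (assumed indicator set, derived from the CreateWindowExW calls above).
AUTOIT_WINDOW_CLASSES = {"AutoIt v3", "msctls_progress32"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                      # address of the call site
    subcall_of: int | None = None  # function the call belongs to, if inlined subcall


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)


def parse_report(text: str) -> list[FunctionRecord]:
    """Split report text into function records; each "APIs" heading starts one."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        m = CALL_RE.match(line)
        if not m or current is None:
            continue  # headings, dump-source lines, anything not an API call
        raw_args = m.group("args")
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        current.calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module"),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("subfn"), 16) if m.group("subfn") else None,
        ))
    return records


def calls_by_module(record: FunctionRecord) -> dict[str, int]:
    """Count calls per imported module, e.g. {"USER32": 6, "GDI32": 1}."""
    return dict(Counter(c.module for c in record.calls))


def autoit_window_classes(record: FunctionRecord) -> set[str]:
    """Class names (2nd CreateWindowExW argument) matching the AutoIt indicator set."""
    return {
        c.args[1] for c in record.calls
        if c.api == "CreateWindowExW" and len(c.args) >= 2 and c.args[1] in AUTOIT_WINDOW_CLASSES
    }


def find_autoit_records(records: list[FunctionRecord]) -> list[int]:
    """Indices of records that create at least one AutoIt window class."""
    return [i for i, r in enumerate(records) if autoit_window_classes(r)]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for i, r in enumerate(recs):
        print(f"record {i}: {len(r.calls)} calls, modules={calls_by_module(r)}, "
              f"autoit={sorted(autoit_window_classes(r))}")
    print("AutoIt candidate records:", find_autoit_records(recs))
```

Because the class name is positional, a stripped or renamed AutoIt build that still uses the stock runtime will be caught by the same check; a build with a patched class name will not, so treat a hit as supporting evidence alongside the other indicators in the report rather than as proof on its own.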
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006A4AED
• GetDriveTypeW.KERNEL32(?,006CCB68,?,\\.\,006CCC08), ref: 006A4BCA
• SetErrorMode.KERNEL32(00000000,006CCB68,?,\\.\,006CCC08), ref: 006A4D36
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
APIs
• GetSysColor.USER32(00000012), ref: 006C7421
• SetTextColor.GDI32(?,?), ref: 006C7425
• GetSysColorBrush.USER32(0000000F), ref: 006C743B
• GetSysColor.USER32(0000000F), ref: 006C7446
• CreateSolidBrush.GDI32(?), ref: 006C744B
• GetSysColor.USER32(00000011), ref: 006C7463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 006C7471
• SelectObject.GDI32(?,00000000), ref: 006C7482
• SetBkColor.GDI32(?,00000000), ref: 006C748B
• SelectObject.GDI32(?,?), ref: 006C7498
• InflateRect.USER32(?,000000FF,000000FF), ref: 006C74B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006C74CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 006C74DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006C752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 006C7554
• InflateRect.USER32(?,000000FD,000000FD), ref: 006C7572
• DrawFocusRect.USER32(?,?), ref: 006C757D
• GetSysColor.USER32(00000011), ref: 006C758E
• SetTextColor.GDI32(?,00000000), ref: 006C7596
• DrawTextW.USER32(?,006C70F5,000000FF,?,00000000), ref: 006C75A8
• SelectObject.GDI32(?,?), ref: 006C75BF
• DeleteObject.GDI32(?), ref: 006C75CA
• SelectObject.GDI32(?,?), ref: 006C75D0
• DeleteObject.GDI32(?), ref: 006C75D5
• SetTextColor.GDI32(?,?), ref: 006C75DB
• SetBkColor.GDI32(?,?), ref: 006C75E5
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
APIs
• GetCursorPos.USER32(?), ref: 006C1128
• GetDesktopWindow.USER32 ref: 006C113D
• GetWindowRect.USER32(00000000), ref: 006C1144
• GetWindowLongW.USER32(?,000000F0), ref: 006C1199
• DestroyWindow.USER32(?), ref: 006C11B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 006C11ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006C121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 006C1232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 006C1245
• IsWindowVisible.USER32(00000000), ref: 006C12A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 006C12BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 006C12D0
• GetWindowRect.USER32(00000000,?), ref: 006C12E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 006C130E
• GetMonitorInfoW.USER32(00000000,?), ref: 006C1328
• CopyRect.USER32(?,?), ref: 006C133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 006C13AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00648968
• GetSystemMetrics.USER32(00000007), ref: 00648970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0064899B
• GetSystemMetrics.USER32(00000008), ref: 006489A3
• GetSystemMetrics.USER32(00000004), ref: 006489C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006489E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006489F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00648A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00648A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00648A5A
• GetStockObject.GDI32(00000011), ref: 00648A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00648A81
  • Part of subcall function 0064912D: GetCursorPos.USER32(?), ref: 00649141
  • Part of subcall function 0064912D: ScreenToClient.USER32(00000000,?), ref: 0064915E
  • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000001), ref: 00649183
  • Part of subcall function 0064912D: GetAsyncKeyState.USER32(00000002), ref: 0064919D
• SetTimer.USER32(00000000,00000000,00000028,006490FC), ref: 00648AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
APIs
  • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
  • Part of subcall function 006910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
  • Part of subcall function 006910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
  • Part of subcall function 006910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
  • Part of subcall function 006910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00690DF5
                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00690E29
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690E40
                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00690E7A
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00690E96
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00690EAD
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00690EB5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00690EBC
                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00690EDD
                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00690EE4
                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00690F13
                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00690F35
                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00690F47
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F6E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F75
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F7E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F85
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00690F8E
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00690F95
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00690FA1
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00690FA8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00691193: GetProcessHeap.KERNEL32(00000008,00690BB1,?,00000000,?,00690BB1,?), ref: 006911A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00691193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00690BB1,?), ref: 006911A8
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00691193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00690BB1,?), ref: 006911B7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1c476121ca81685487db297c0fdf98e3328de7e1ffde7b738871231ae00fa648
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e18d6cd515e11991adf6b767f200ad6a1950239baea1ddfab19d0fd75e9d1ce2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c476121ca81685487db297c0fdf98e3328de7e1ffde7b738871231ae00fa648
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F171277290020AAFEF209FA5DC48FFEBBBEEF05310F148115E919E6691D7719A05CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BC4BD
                                                                                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,006CCC08,00000000,?,00000000,?,?), ref: 006BC544
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 006BC5A4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BC5F4
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006BC66F
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 006BC6B2
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 006BC7C1
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 006BC84D
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BC881
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BC88E
                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 006BC960
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 296f0772356a84ff79fd2c9e5883ffbccc07803aa4743754d6b2ba772c3d8b9c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 88464279d6a9e9eb1f46fc370adf4cbe2a17461566f741f5c148e96f598025c9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 296f0772356a84ff79fd2c9e5883ffbccc07803aa4743754d6b2ba772c3d8b9c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66126B756042019FDB54DF14C881E6AB7E6FF88724F04889DF89A9B3A2DB31ED41CB85
APIs
• CharUpperBuffW.USER32(?,?), ref: 006C09C6
• _wcslen.LIBCMT ref: 006C0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006C0A54
• _wcslen.LIBCMT ref: 006C0A8A
• _wcslen.LIBCMT ref: 006C0B06
• _wcslen.LIBCMT ref: 006C0B81
  • Part of subcall function 0064F9F2: _wcslen.LIBCMT ref: 0064F9FD
  • Part of subcall function 00692BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00692BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: ba1e42055c14a13a465adf210195d8c92629b55819f28b20793c3e39842524f0
• Instruction ID: fa8fd9e00d2eb3be63764b35febbc94fd365d88d2a2a7450c5a18716cf40fef9
• Opcode Fuzzy Hash: ba1e42055c14a13a465adf210195d8c92629b55819f28b20793c3e39842524f0
• Instruction Fuzzy Hash: 9CE15535208201DBCB54DF24C450A6AB7E3FF98314F15895DF8969B3A2DB31ED46CB85
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: 2ccebcf75011a407e1950e5f62b0835b121fcd4b0bca6f2e45379d3fc8ada9e7
• Instruction ID: d320f436f4bcb19a461b2d7dfc7f77ef98a0f4de0fa4d3a802efc3c3c4d9a729
• Opcode Fuzzy Hash: 2ccebcf75011a407e1950e5f62b0835b121fcd4b0bca6f2e45379d3fc8ada9e7
• Instruction Fuzzy Hash: 9871C3B261012A8BCB20DE6CC9515FE3793AB61774F250528FC56AB385EA31DFC583A4
APIs
• _wcslen.LIBCMT ref: 006C835A
• _wcslen.LIBCMT ref: 006C836E
• _wcslen.LIBCMT ref: 006C8391
• _wcslen.LIBCMT ref: 006C83B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006C83F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,006C361A,?), ref: 006C844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006C8487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 006C84CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006C8501
• FreeLibrary.KERNEL32(?), ref: 006C850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006C851D
• DestroyIcon.USER32(?), ref: 006C852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 006C8549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 006C8555
Strings
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: b3808d68892904ea01d83c2d21cc04534e51f1b363614dc73e2d78706573451a
• Instruction ID: 5c23af33e3eab1e9efa0e2354ad0861822aaae9e6572be857d58878a0a9be858
• Opcode Fuzzy Hash: b3808d68892904ea01d83c2d21cc04534e51f1b363614dc73e2d78706573451a
• Instruction Fuzzy Hash: ED61BC71500219BEEB289F64CC45FFE77AAEB04721F10864AF915D71D1DFB4AA90CBA0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d0a3ef8fab5877c3aa0bec74af6409d2725363de67f9495379d34530aff5c5c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 75da97747682134ae087677b5eaa0773b69a4e7d0930020b3a0c0b95173bdc06
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0a3ef8fab5877c3aa0bec74af6409d2725363de67f9495379d34530aff5c5c5
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8381B8B1604605BBDB60AF60DC42FEE77BBAF15301F054068F909AB292EBB0D915C7E5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 006A3EF8
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A3F03
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A3F5A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A3F98
                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 006A3FD6
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A401E
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A4059
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006A4087
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: db322e29b9467e3eedbe6e946a57809df8ec4433630b7cf7094b8e4c4a10da84
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 39f05cc0250af23b6eb2023565d86836caa85a6b7b90a559ecb8588cf5729568
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db322e29b9467e3eedbe6e946a57809df8ec4433630b7cf7094b8e4c4a10da84
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8271E0726042119FC310EF24C8818AAB7F6EF95768F10892DF99697351EB30EE45CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00695A2E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00695A40
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00695A57
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00695A6C
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00695A72
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00695A82
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00695A88
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00695AA9
                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00695AC3
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00695ACC
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00695B33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00695B6F
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00695B75
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00695B7C
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00695BD3
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00695BE0
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00695C05
                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00695C2F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 642fe5b32b93e281451be319ffc161dc19950f8f9d3baf59ad2d8fdb67eae76c
• Instruction ID: 2eb29417fe51611f9244761856da7161a53c49deb932e3feb44c9fc558acbb9a
• Opcode Fuzzy Hash: 642fe5b32b93e281451be319ffc161dc19950f8f9d3baf59ad2d8fdb67eae76c
• Instruction Fuzzy Hash: F1718F31900B059FDF21DFA9CE95EAEBBFAFF48714F104518E547A2AA0D775A940CB10
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 006AFE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 006AFE32
• LoadCursorW.USER32(00000000,00007F00), ref: 006AFE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 006AFE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 006AFE53
• LoadCursorW.USER32(00000000,00007F01), ref: 006AFE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 006AFE69
• LoadCursorW.USER32(00000000,00007F88), ref: 006AFE74
• LoadCursorW.USER32(00000000,00007F80), ref: 006AFE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 006AFE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 006AFE95
• LoadCursorW.USER32(00000000,00007F85), ref: 006AFEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 006AFEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 006AFEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 006AFEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 006AFECC
• GetCursorInfo.USER32(?), ref: 006AFEDC
• GetLastError.KERNEL32 ref: 006AFF1E
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
• API String ID: 3215588206-0
• Opcode ID: 7b80ccde24ac3fcb75dd839fd4c5b8c84cf023b008f77f7249f44739f96bad84
• Instruction ID: 34f65eafa03be8508b337116c5d8a2725edd577ff215a328977cedff3c186e82
• Opcode Fuzzy Hash: 7b80ccde24ac3fcb75dd839fd4c5b8c84cf023b008f77f7249f44739f96bad84
• Instruction Fuzzy Hash: B94151B0D043196EDB109FBA8C89C6EBFE9FF05364B50452AF11DE7281DB78A9018F91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[o
• API String ID: 176396367-1026763703
• Opcode ID: 344194cb0d9dccbdb69b5814ea6fe6eb82534bcafc038ff787199e9d0b06880b
• Instruction ID: 3fe491a939d8a75e103ab7588193c444ef2df525510a2f8e683ea0f41c846498
• Opcode Fuzzy Hash: 344194cb0d9dccbdb69b5814ea6fe6eb82534bcafc038ff787199e9d0b06880b
• Instruction Fuzzy Hash: EBE10232A00526ABCF189FA8C4516FEBBBBBF04710F558129E556A7740DB30AF859790
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006500C6
  • Part of subcall function 006500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0070070C,00000FA0,75F26726,?,?,?,?,006723B3,000000FF), ref: 0065011C
  • Part of subcall function 006500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006723B3,000000FF), ref: 00650127
  • Part of subcall function 006500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006723B3,000000FF), ref: 00650138
  • Part of subcall function 006500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0065014E
  • Part of subcall function 006500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0065015C
  • Part of subcall function 006500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0065016A
  • Part of subcall function 006500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00650195
  • Part of subcall function 006500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006501A0
• ___scrt_fastfail.LIBCMT ref: 006500E7
  • Part of subcall function 006500A3: __onexit.LIBCMT ref: 006500A9
Strings
• kernel32.dll, xrefs: 00650133
• SleepConditionVariableCS, xrefs: 00650154
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00650122
• WakeAllConditionVariable, xrefs: 00650162
• InitializeConditionVariable, xrefs: 00650148
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0e7b0244a16b7e9dd9766b00a79b715a562c87743f9e9d361a3ac0050c664a80
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c358c1890f99fcd585cee413e1f157d13d6217e3ef6434c5ea5d8292df7c9c2b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e7b0244a16b7e9dd9766b00a79b715a562c87743f9e9d361a3ac0050c664a80
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86210732640B01ABFB205BA4AC05F7A3797EF44B72F15012DFC05927D1DF68D8048A95
APIs
• CharLowerBuffW.USER32(00000000,00000000,006CCC08), ref: 006A4527
• _wcslen.LIBCMT ref: 006A453B
• _wcslen.LIBCMT ref: 006A4599
• _wcslen.LIBCMT ref: 006A45F4
• _wcslen.LIBCMT ref: 006A463F
• _wcslen.LIBCMT ref: 006A46A7
  • Part of subcall function 0064F9F2: _wcslen.LIBCMT ref: 0064F9FD
• GetDriveTypeW.KERNEL32(?,006F6BF0,00000061), ref: 006A4743
Strings
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 1e6d1ae7b67d587856c2abcfef92484e3c4f90bea7c2afa35ed02ad3c2cf18f0
• Instruction ID: e239cd2bd8e6e8da7971b1330c796af71a2f4c8f9aa3f87565acf65311f612a4
• Opcode Fuzzy Hash: 1e6d1ae7b67d587856c2abcfef92484e3c4f90bea7c2afa35ed02ad3c2cf18f0
• Instruction Fuzzy Hash: 7AB1C1716083029BC710EF28C891AAAB7E7AFE6764F50491DF496C7391DBB0DC45CA92
APIs
  • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• DragQueryPoint.SHELL32(?,?), ref: 006C9147
  • Part of subcall function 006C7674: ClientToScreen.USER32(?,?), ref: 006C769A
  • Part of subcall function 006C7674: GetWindowRect.USER32(?,?), ref: 006C7710
  • Part of subcall function 006C7674: PtInRect.USER32(?,?,006C8B89), ref: 006C7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 006C91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 006C91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 006C91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 006C9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 006C923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 006C9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 006C9277
• DragFinish.SHELL32(?), ref: 006C927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 006C9371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#p
• API String ID: 221274066-541875553
• Opcode ID: 814bef0fe95e04d58b06fa2ccee935730e5e8e3ae7a61516ca7be73ccb0d8c97
• Instruction ID: e7f44859ca9893cbafc3d6d408e21c459bbd784d6c894199cadb07e84a41049f
• Opcode Fuzzy Hash: 814bef0fe95e04d58b06fa2ccee935730e5e8e3ae7a61516ca7be73ccb0d8c97
• Instruction Fuzzy Hash: 29618E71108301AFC701DF50DC85EAFBBEAEFC8750F40492DF595921A0DB709A49CBA6
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,006CCC08), ref: 006B40BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 006B40CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,006CCC08), ref: 006B40F2
• FreeLibrary.KERNEL32(00000000,?,006CCC08), ref: 006B413E
• StringFromGUID2.OLE32(?,?,00000028,?,006CCC08), ref: 006B41A8
• SysFreeString.OLEAUT32(00000009), ref: 006B4262
                                                                                                                                                                                                                                                                                                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 006B42C8
                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 006B42F2
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 864dd0c533092901c3c8c7a9c2a397c5d4942a856c5a070634000475e3b03f22
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6c1a0430045dc7766c312075d7ce26892755fd63e1338542e49ec56e302e844f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 864dd0c533092901c3c8c7a9c2a397c5d4942a856c5a070634000475e3b03f22
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19120CB5A00115EFDB14DF94C884EEEBBB6FF45314F248098E9059B252DB71ED86CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00701990), ref: 00672F8D
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00701990), ref: 0067303D
                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00673081
                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 0067308A
                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00701990,00000000,?,00000000,00000000,00000000), ref: 0067309D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006730A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9f48762f6cd7652caa1a7c171311cdb1e3ebb7d36264710eb561b405f3d2afd2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f40d9c732cf8329e0aef3e86302725dd73b4f74a47c23eb3be46c95c24257e3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f48762f6cd7652caa1a7c171311cdb1e3ebb7d36264710eb561b405f3d2afd2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18712A70644216BFEB218F24CD59FEABF66FF04324F208216F518AA3E0C7B1A950D790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 006C6DEB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 006C6E5F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 006C6E81
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C6E94
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 006C6EB5
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00630000,00000000), ref: 006C6EE4
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006C6EFD
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006C6F16
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 006C6F1D
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006C6F35
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 006C6F4D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: a019ee3ffcd3a071c815cb7cd0fd3b9fc6ade49418a86c4e869b4854a7083dfd
• Instruction ID: 2c8dcc407dfc5a8c097cd936d9129369d58b17cbe2d887690aea5a0b98960e0a
• Opcode Fuzzy Hash: a019ee3ffcd3a071c815cb7cd0fd3b9fc6ade49418a86c4e869b4854a7083dfd
• Instruction Fuzzy Hash: B2714674104244AFDB21CF18D858FBABBEAFF89314F44851EF99987361CB70A906DB19
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006AC4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006AC4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006AC4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 006AC4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 006AC533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 006AC549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006AC554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006AC584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006AC5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006AC5F0
• InternetCloseHandle.WININET(00000000), ref: 006AC5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 62247340588faa5c2c80cca097b83b4c43898063e550959d81316d82886391d5
• Instruction ID: 31568718a1708eb32981785c5de4adbe8e01eebcae0b6b0a67925f3c98c92a2a
• Opcode Fuzzy Hash: 62247340588faa5c2c80cca097b83b4c43898063e550959d81316d82886391d5
• Instruction Fuzzy Hash: EC514AB0500204AFDB21AF64C948ABA7BFEEF09764F005419F94996610DB34EE549F60
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 006C8592
• GetFileSize.KERNEL32(00000000,00000000), ref: 006C85A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 006C85AD
• CloseHandle.KERNEL32(00000000), ref: 006C85BA
• GlobalLock.KERNEL32(00000000), ref: 006C85C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 006C85D7
• GlobalUnlock.KERNEL32(00000000), ref: 006C85E0
• CloseHandle.KERNEL32(00000000), ref: 006C85E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 006C85F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,006CFC38,?), ref: 006C8611
• GlobalFree.KERNEL32(00000000), ref: 006C8621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 006C8641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 006C8671
• DeleteObject.GDI32(00000000), ref: 006C8699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 006C86AF
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 36d4cda5d022ba9309f52be3a3ef3b2df16f51509b7d14b9f8fd8a277c510208
• Instruction ID: bb05d47322be1a6bfca8db18cc5833c4461e67b19c1ceacfdf98225f45550620
• Opcode Fuzzy Hash: 36d4cda5d022ba9309f52be3a3ef3b2df16f51509b7d14b9f8fd8a277c510208
• Instruction Fuzzy Hash: 5B410A75600204AFDB219FA5DC48EBA7BBAFF89721F148059F909E7260DB749E01DB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 006A1502
• VariantCopy.OLEAUT32(?,?), ref: 006A150B
• VariantClear.OLEAUT32(?), ref: 006A1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006A15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 006A1657
• VariantInit.OLEAUT32(?), ref: 006A1708
• SysFreeString.OLEAUT32(?), ref: 006A178C
• VariantClear.OLEAUT32(?), ref: 006A17D8
• VariantClear.OLEAUT32(?), ref: 006A17E7
• VariantInit.OLEAUT32(00000000), ref: 006A1823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 79940538edb2d266a9ead087f95b6fedbfa5f0072b134077c3e1cfd96ddd8f8e
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: df7e1e8b5d3cf3160cf1fffcfe45a2d9ebc773671c94c4b30b9e61af9843cfff
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79940538edb2d266a9ead087f95b6fedbfa5f0072b134077c3e1cfd96ddd8f8e
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84D1CCB1A00515EBDB44AFA5D895BB9B7B7BF47700F14805AE446AF280DB30EC42DFA1
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BC9F1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA68
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA9E
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BB6F4
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BB772
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 006BB80A
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BB87E
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 006BB89C
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 006BB8F2
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006BB904
                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 006BB922
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006BB983
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 006BB994
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cb3893f3b9182ffa08825f06e49cc39e323eee172064e6129c04c2bc4a396402
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bd4b05e145e6b911c8220daf9ccb658f68da90c93f753e7a2184a6ce1cf8136b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb3893f3b9182ffa08825f06e49cc39e323eee172064e6129c04c2bc4a396402
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EC17C74208201AFD714DF14C494FAABBE6BF85318F14945CF59A4B3A2CBB1ED86CB91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 006B25D8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 006B25E8
                                                                                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 006B25F4
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 006B2601
                                                                                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 006B266D
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 006B26AC
                                                                                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 006B26D0
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 006B26D8
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 006B26E1
                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 006B26E8
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 006B26F3
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bbf00a73a26809d752471d8edf57780fdcaeb89381c2da61ab9a8cb92513b91c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3bef74a698c8b934827c38c3e738b321145c014a08d631a22de71ef5a084e45c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bbf00a73a26809d752471d8edf57780fdcaeb89381c2da61ab9a8cb92513b91c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9161F2B5D00219EFCB14CFA8D884EAEBBF6FF48310F248529E959A7250E771A9418F54
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 0066DAA1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D659
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D66B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D67D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D68F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6A1
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6B3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6C5
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6D7
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6E9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D6FB
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D70D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D71F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0066D63C: _free.LIBCMT ref: 0066D731
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DA96
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DAB8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DACD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DAD8
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DAFA
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB0D
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB1B
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB26
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB5E
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB65
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB82
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066DB9A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d9907b8921a2732e00fd9b21c840780b2da0a9463b97fd62991146e4997267e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9f290052744467c8932935aba0961844ffa41e7bd14a199e5f850842cdb5199f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9907b8921a2732e00fd9b21c840780b2da0a9463b97fd62991146e4997267e2
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F318B71B047069FEB65AA7AE841BAA77EBFF40750F15451DE448D7291DF30AC40C724
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0069369C
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006936A7
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00693797
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0069380C
                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 0069385D
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00693882
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 006938A0
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000), ref: 006938A7
                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00693921
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0069395D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4010501982-679674701
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00694994
• GetWindowTextW.USER32(?,?,00000400), ref: 006949DA
• _wcslen.LIBCMT ref: 006949EB
• CharUpperBuffW.USER32(?,00000000), ref: 006949F7
• _wcsstr.LIBVCRUNTIME ref: 00694A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00694A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00694A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00694AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00694B20
• GetWindowRect.USER32(?,?), ref: 00694B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
APIs
• GetMenuItemInfoW.USER32(00701990,000000FF,00000000,00000030), ref: 0069BFAC
• SetMenuItemInfoW.USER32(00701990,00000004,00000000,00000030), ref: 0069BFE1
• Sleep.KERNEL32(000001F4), ref: 0069BFF3
• GetMenuItemCount.USER32(?), ref: 0069C039
• GetMenuItemID.USER32(?,00000000), ref: 0069C056
• GetMenuItemID.USER32(?,-00000001), ref: 0069C082
• GetMenuItemID.USER32(?,?), ref: 0069C0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0069C10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069C124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069C145
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006BCC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 006BCC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006BCD48
  • Part of subcall function 006BCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 006BCCAA
  • Part of subcall function 006BCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 006BCCBD
  • Part of subcall function 006BCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006BCCCF
  • Part of subcall function 006BCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006BCD05
  • Part of subcall function 006BCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006BCD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 006BCCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e7f686b2ae433e5214b602763dbe537274fc3fe9e2fa44120e989045d205a84d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4b388a936ceba7eb3b263a772b2fa982fc372ecefd191f5314bd4a56606f3db3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7f686b2ae433e5214b602763dbe537274fc3fe9e2fa44120e989045d205a84d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 983160B5A01129BBD7208B55DC88EFFBB7EEF55764F000165E909E2240D7349B85DBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006A3D40
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A3D6D
                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 006A3D9D
                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006A3DBE
                                                                                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 006A3DCE
                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006A3E55
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006A3E60
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006A3E6B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 56865e80c5f88c91e82eebc1906b49dcd2679fd10f3f32aab8375f0dbf905c92
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 30930cd08b0803182375091c44baa84980c49b341f6468dcb3c6bff883c2ac3d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56865e80c5f88c91e82eebc1906b49dcd2679fd10f3f32aab8375f0dbf905c92
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C318372900119ABDB21AFA0DC49FEB37BEEF89750F1041A5F609D6260E7749B448F64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 0069E6B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0064E551: timeGetTime.WINMM(?,?,0069E6D4), ref: 0064E555
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 0069E6E1
                                                                                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0069E705
                                                                                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0069E727
                                                                                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 0069E746
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0069E754
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0069E773
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 0069E77E
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 0069E78A
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 0069E79B
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: af5f9a35b5afe6d170c24811374750dfa94cd0262dea5b6af6090b2a055829ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: adfa3b79f24ca1eccdef53eab38d51df6f1b192709e10a63cee7b0fba03b4979
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af5f9a35b5afe6d170c24811374750dfa94cd0262dea5b6af6090b2a055829ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF218E71200204EFEF00AF61EC8DE353B6FF754768B145524F50981AA2DF67AC41DB29
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0069EA5D
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0069EA73
                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0069EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0069EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0069EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 9897c8bdbaab4de52321b8ed7ef8f5331796ce8c7af2b54711bf1ef1d4d0e060
• Instruction ID: a2f7e871ea1e14d5bf0f3474a957c3ea725dfdb601e7ad33feb52501287bd36d
• Opcode Fuzzy Hash: 9897c8bdbaab4de52321b8ed7ef8f5331796ce8c7af2b54711bf1ef1d4d0e060
• Instruction Fuzzy Hash: DA117331A9026E79DB20E7A1DC4AEFF6B7EEBD1B10F410429B511A20E1EEF15D05C6B0
APIs
• GetDlgItem.USER32(?,00000001), ref: 00695CE2
• GetWindowRect.USER32(00000000,?), ref: 00695CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00695D59
• GetDlgItem.USER32(?,00000002), ref: 00695D69
• GetWindowRect.USER32(00000000,?), ref: 00695D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00695DCF
• GetDlgItem.USER32(?,000003E9), ref: 00695DDD
• GetWindowRect.USER32(00000000,?), ref: 00695DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00695E31
• GetDlgItem.USER32(?,000003EA), ref: 00695E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00695E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00695E67
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 7796c33b552fb1a1c4bd9ceb666f9402ecec45ea1dd9e8ecb46d1c0c8bafe65d
• Instruction ID: 4ab73c0ddec4e26f8a0553c44d7e7108a30ef8f8661681c43039af0f484ed00e
• Opcode Fuzzy Hash: 7796c33b552fb1a1c4bd9ceb666f9402ecec45ea1dd9e8ecb46d1c0c8bafe65d
• Instruction Fuzzy Hash: 94512FB0A00615AFDF18CF69CD99EAE7BBAFF48310F108129F51AE6690D7709E04CB50
APIs
  • Part of subcall function 00648F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00648BE8,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648FC5
• DestroyWindow.USER32(?), ref: 00648C81
• KillTimer.USER32(00000000,?,?,?,?,00648BBA,00000000,?), ref: 00648D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00686973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 006869A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000,?), ref: 006869B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00648BBA,00000000), ref: 006869D4
• DeleteObject.GDI32(00000000), ref: 006869E6
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: febb8e471fa64a7a500ce6a192bdee414f0c2a77bfb76c9d3dc49e511b5f573e
• Instruction ID: 2d9ca3f9397ac602b24d70d6da2628da8a74149e8f59a89a50c1916563dfe293
• Opcode Fuzzy Hash: febb8e471fa64a7a500ce6a192bdee414f0c2a77bfb76c9d3dc49e511b5f573e
• Instruction Fuzzy Hash: 1461AC30502711DFCB25AF14DA88BA977F3FB40326F54961CE0469B6A0CB75AD81CFA8
APIs
  • Part of subcall function 00649944: GetWindowLongW.USER32(?,000000EB), ref: 00649952
• GetSysColor.USER32(0000000F), ref: 00649862
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 52b9ef77c6a7912995ef54ab915c9f069bdf8da90ab43049cd887df4d530175f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9247609da9f9828876d85f25083b4ebad0723a3749f4f054049b252679725da1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52b9ef77c6a7912995ef54ab915c9f069bdf8da90ab43049cd887df4d530175f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 974171311446449FDB209F3D9C84FBA37A7AB16330F284B55F9A6872E1D731D842DB21
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID: .e
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-2491337497
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ec6363349a0c34fa68f0190584cc882fc0bb761c3d5069ab2c313c72d16dea80
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3bd2fac480c31893b367b5fec667486647f63aa87dc0e4ee0aae947277e174a9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec6363349a0c34fa68f0190584cc882fc0bb761c3d5069ab2c313c72d16dea80
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69C1D1B4A04249EFDF11DFA8D841BEDBBB6AF09310F14429DE815A7392CB349942CB75
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0067F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00699717
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0067F7F8,00000001), ref: 00699720
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0067F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00699742
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,0067F7F8,00000001), ref: 00699745
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00699866
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6a08c758f5946e15e6c1286f017f20c98c338eabb68f1b7bc8047abd78f41ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 24173556cfcc5fdc876dd6a615092e2cf17742871222ccb9bdcc76fa30d886c1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6a08c758f5946e15e6c1286f017f20c98c338eabb68f1b7bc8047abd78f41ac
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF414B72800219AADF44EBE4CE46EEEB37AEF55300F10442DF60572192EA756F49CAB5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
                                                                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006907A2
                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006907BE
                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006907DA
                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00690804
                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0069082C
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00690837
                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0069083C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 0fb48669ce0c27d400a86a567dd646515b4b5934398e1961e77ca1b2f57d5da0
• Instruction ID: ca2b5c342cd195c9a88fd0ffbcf68a1a1852f6066e9298fb678fc7da86fe2290
• Opcode Fuzzy Hash: 0fb48669ce0c27d400a86a567dd646515b4b5934398e1961e77ca1b2f57d5da0
• Instruction Fuzzy Hash: C3410672D10229AFDF15EBA4DC95DEDB77ABF44350F044129E906A72A1EB709E04CBA0
APIs
• VariantInit.OLEAUT32(?), ref: 006B3C5C
• CoInitialize.OLE32(00000000), ref: 006B3C8A
• CoUninitialize.OLE32 ref: 006B3C94
• _wcslen.LIBCMT ref: 006B3D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 006B3DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 006B3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 006B3F0E
• CoGetObject.OLE32(?,00000000,006CFB98,?), ref: 006B3F2D
• SetErrorMode.KERNEL32(00000000), ref: 006B3F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 006B3FC4
• VariantClear.OLEAUT32(?), ref: 006B3FD8
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: f737ff67fbda0263baa47c6fd0922c53e3cf62182dceb205b8f99b60712e4415
• Instruction ID: f001d77442bfea7753e560faf8a6abd281857101f897c375e09156661d3dae87
• Opcode Fuzzy Hash: f737ff67fbda0263baa47c6fd0922c53e3cf62182dceb205b8f99b60712e4415
• Instruction Fuzzy Hash: 42C135B16082119FD700DF68C8849ABBBEAFF89754F10491DF98A9B311DB30ED46CB52
APIs
• CoInitialize.OLE32(00000000), ref: 006A7AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006A7B8F
• SHGetDesktopFolder.SHELL32(?), ref: 006A7BA3
• CoCreateInstance.OLE32(006CFD08,00000000,00000001,006F6E6C,?), ref: 006A7BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006A7C74
• CoTaskMemFree.OLE32(?,?), ref: 006A7CCC
• SHBrowseForFolderW.SHELL32(?), ref: 006A7D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006A7D7A
• CoTaskMemFree.OLE32(00000000), ref: 006A7D81
• CoTaskMemFree.OLE32(00000000), ref: 006A7DD6
• CoUninitialize.OLE32 ref: 006A7DDC
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 5fedaf4024662605fa6e6b0b7b69c632ccea6e944703f7bccc3ebcc5a9b9ff44
• Instruction ID: 13d0a9dcf00ee6cf7f837721723d6bfd28fa714767c37ea539b6a9d5dfe3b589
• Opcode Fuzzy Hash: 5fedaf4024662605fa6e6b0b7b69c632ccea6e944703f7bccc3ebcc5a9b9ff44
• Instruction Fuzzy Hash: AAC1F975A04109AFCB14EF64C884DAEBBFAFF49314B148499E91A9B361D730ED45CF90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 006C5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C5515
• CharNextW.USER32(00000158), ref: 006C5544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 006C5585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 006C559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C55AC
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dd73d6731fe306b8b4dffd040d55f5552888606e26678c470a451f2bc2ef4d9f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 869389b50d4b31a259262f2df1bc5d634d47d5bb3bd0636491df7e8c0fbb72d8
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd73d6731fe306b8b4dffd040d55f5552888606e26678c470a451f2bc2ef4d9f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49619E30900608EFDF109F55CD84EFE7BBAEF09720F508149F926AA291D774AAC1DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0068FAAF
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0068FB08
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0068FB1A
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0068FB3A
                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0068FB8D
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0068FBA1
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0068FBB6
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0068FBC3
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0068FBCC
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0068FBDE
                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0068FBE9
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 65ae3575def0d162a88ab73e7b39bb49c1250ea545a4f426012634288aad16fa
• Instruction ID: 8b98e514bdf25a97d41bff7474fdf00d1cccc891c2832a3c2a40394984b7dca9
• Opcode Fuzzy Hash: 65ae3575def0d162a88ab73e7b39bb49c1250ea545a4f426012634288aad16fa
• Instruction Fuzzy Hash: E5412E35A00219DFCB04EF64D854DAEBBBAFF48354F00C169E95AA7261DB30A946CF90
APIs
• GetKeyboardState.USER32(?), ref: 00699CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00699D22
• GetKeyState.USER32(000000A0), ref: 00699D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00699D57
• GetKeyState.USER32(000000A1), ref: 00699D6C
• GetAsyncKeyState.USER32(00000011), ref: 00699D84
• GetKeyState.USER32(00000011), ref: 00699D96
• GetAsyncKeyState.USER32(00000012), ref: 00699DAE
• GetKeyState.USER32(00000012), ref: 00699DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00699DD8
• GetKeyState.USER32(0000005B), ref: 00699DEA
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 9848eed723c62b46e9448031dc30e05d3d966b9dab45f77ea63a203367427024
• Instruction ID: c5d9c95824b1c90da0de24f2d68bfe571b89895d55df91045a8869fc0c409bd2
• Opcode Fuzzy Hash: 9848eed723c62b46e9448031dc30e05d3d966b9dab45f77ea63a203367427024
• Instruction Fuzzy Hash: 6C41F930504BC96DFF30876888443F5BEAA6F12354F44805EC6C656BC2EBA599C8C7B2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 006B05BC
• inet_addr.WSOCK32(?), ref: 006B061C
• gethostbyname.WSOCK32(?), ref: 006B0628
• IcmpCreateFile.IPHLPAPI ref: 006B0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 006B07B9
• WSACleanup.WSOCK32 ref: 006B07BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 56a0545e854bec0d536c037aa0884fe186286da3b6467ec5770188c693bd7545
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 437c82ebe973a49e728510c3fedb892ae6441d768b9285ca17b6971f8bb96635
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56a0545e854bec0d536c037aa0884fe186286da3b6467ec5770188c693bd7545
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD918EB55042019FE720CF15C588F9BBBE2AF44318F1485A9F4698B7A2CB70ED85CF91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 1cd90c915bb1b67269219e239ef034ada49def6830d95d66a1fed82434a1b27a
• Instruction ID: d24cf44c6e5d9b451d1a91d18fbbe277e57d381706052fafb749c6abb5329a8b
• Opcode Fuzzy Hash: 1cd90c915bb1b67269219e239ef034ada49def6830d95d66a1fed82434a1b27a
• Instruction Fuzzy Hash: EF5180B1A041169FCB14DF68C9519FEB7ABAF64324B204229E826E7385DB30DD81CBD0
APIs
• CoInitialize.OLE32 ref: 006B3774
• CoUninitialize.OLE32 ref: 006B377F
• CoCreateInstance.OLE32(?,00000000,00000017,006CFB78,?), ref: 006B37D9
• IIDFromString.OLE32(?,?), ref: 006B384C
• VariantInit.OLEAUT32(?), ref: 006B38E4
• VariantClear.OLEAUT32(?), ref: 006B3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 66d1f6be5c612aa6140cef122228e9112dd1ddbbd57b7480d484b2e33dcd227a
• Instruction ID: 56a4849acb614bbe32741f39689b34b3f815625c08f0a7b6a999b32da266854d
• Opcode Fuzzy Hash: 66d1f6be5c612aa6140cef122228e9112dd1ddbbd57b7480d484b2e33dcd227a
• Instruction Fuzzy Hash: 60618DB0708321AFD710DF54C848BAABBEAAF45710F00481DF5859B391DB70EE89CB96
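The call summaries in the ICMP "Ping" record and the COM object-creation record above are only readable once the constant arguments are mapped onto the documented prototypes. The following script is an added example, not part of the Joe Sandbox report or the sample: it parses the report's `Api.Module(args), ref: ADDR` lines (the lines below are copied from this section), names the IcmpSendEcho arguments by their documented parameter order, checks the reply-buffer sizing rule (ReplySize must be at least sizeof(ICMP_ECHO_REPLY) + RequestSize + 8; it assumes the 32-bit struct size of 28 bytes since the sample is a 32-bit image at 0x00630000), and expands the 0x17 passed as dwClsContext to CoCreateInstance into its CLSCTX flags. The regular expression and the parameter tables are the example's own assumptions about the report format and the Win32 prototypes.

```python
import re
from typing import Any, Dict, List, Optional

# Call-summary lines copied verbatim from the two function records above
# (the ICMP "Ping" routine and the COM object-creation routine).
REPORT_LINES = [
    "IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06C6",
    "IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006B06E5",
    "IcmpCloseHandle.IPHLPAPI(?), ref: 006B07B9",
    "WSACleanup.WSOCK32 ref: 006B07BF",
    "CoCreateInstance.OLE32(?,00000000,00000017,006CFB78,?), ref: 006B37D9",
]

# Assumed report format: "Api.Module(arg,arg,...), ref: ADDR" or "Api.Module ref: ADDR".
CALL_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


def parse_call(line: str) -> Dict[str, Any]:
    """Split one call-summary line into API name, module, argument list and call site.
    A '?' argument (not a compile-time constant) becomes None; hex constants become ints."""
    m = CALL_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised call summary: {line!r}")
    raw = m.group("args")
    args: List[Optional[int]] = []
    if raw:
        args = [None if a == "?" else int(a, 16) for a in raw.split(",")]
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


# Parameter order of the documented IcmpSendEcho prototype (iphlpapi.h).
ICMP_SEND_ECHO_PARAMS = ("IcmpHandle", "DestinationAddress", "RequestData", "RequestSize",
                         "RequestOptions", "ReplyBuffer", "ReplySize", "Timeout")
# Assumption: 32-bit layout, where ICMP_ECHO_REPLY is 28 bytes. The documented
# minimum reply buffer is sizeof(ICMP_ECHO_REPLY) + RequestSize + 8.
SIZEOF_ICMP_ECHO_REPLY_32 = 28


def decode_icmp_send_echo(call: Dict[str, Any]) -> Dict[str, Any]:
    """Name the IcmpSendEcho arguments and check the reply-buffer sizing rule."""
    if call["api"] != "IcmpSendEcho" or len(call["args"]) != len(ICMP_SEND_ECHO_PARAMS):
        raise ValueError("not an 8-argument IcmpSendEcho call")
    named: Dict[str, Any] = dict(zip(ICMP_SEND_ECHO_PARAMS, call["args"]))
    req, rep = named["RequestSize"], named["ReplySize"]
    minimum = SIZEOF_ICMP_ECHO_REPLY_32 + req + 8
    named["min_reply_size"] = minimum
    named["reply_buffer_ok"] = rep >= minimum
    named["timeout_ms"] = named["Timeout"]  # Timeout is in milliseconds
    return named


# CLSCTX bits that matter for CoCreateInstance's dwClsContext (3rd argument).
CLSCTX_FLAGS = {
    0x01: "CLSCTX_INPROC_SERVER",
    0x02: "CLSCTX_INPROC_HANDLER",
    0x04: "CLSCTX_LOCAL_SERVER",
    0x10: "CLSCTX_REMOTE_SERVER",
}


def decode_clsctx(value: int) -> List[str]:
    """Expand a dwClsContext bitmask into flag names; unknown bits are kept as hex."""
    names = [name for bit, name in sorted(CLSCTX_FLAGS.items()) if value & bit]
    leftover = value & ~sum(CLSCTX_FLAGS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def analyse(lines: List[str]) -> List[Dict[str, Any]]:
    """Parse every line and attach a decoded view where one is defined."""
    out = []
    for line in lines:
        call = parse_call(line)
        if call["api"] == "IcmpSendEcho":
            call["decoded"] = decode_icmp_send_echo(call)
        elif call["api"] == "CoCreateInstance":
            call["decoded"] = {"dwClsContext": decode_clsctx(call["args"][2])}
        out.append(call)
    return out


if __name__ == "__main__":
    for call in analyse(REPORT_LINES):
        print(f"{call['api']}.{call['module']} @ {call['ref']:08X}: "
              f"{call.get('decoded', call['args'])}")
```

Run against the lines above, the two IcmpSendEcho calls decode to a 5-byte request, a 41-byte reply buffer (exactly 28 + 5 + 8, so the buffer is sized correctly) and a 4000 ms timeout, which is consistent with the runtime "Ping" helper of a compiled AutoIt script that the detection summary points to. The 0x17 passed to CoCreateInstance expands to CLSCTX_INPROC_SERVER | CLSCTX_INPROC_HANDLER | CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER, i.e. CLSCTX_ALL: the caller accepts any activation context, including out-of-process and remote servers, which is worth noting when deciding how much the "Failed to create object" and "Invalid parameter" strings in the same record tell you about what objects the script instantiates.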
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006A33CF
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006A33F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: c0d3141e79a195ea5c5b561026881f4cdf8df737209a90ca61da708129533612
• Instruction ID: 2a7cd7f6aa2541968203d6645dd322f1c2eb3371f9a10d7f231547062dbe879b
• Opcode Fuzzy Hash: c0d3141e79a195ea5c5b561026881f4cdf8df737209a90ca61da708129533612
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D519D71C00219AADF15EBA0CD42EEEB77AEF05300F108169F505722A2EB752F58DFA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7cbc884e18f77e45905497da1278124d50ddd016476e84ee6256c472e9406c1c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b5daca5d8228c380b7aa1f0dd51154e1ba2d69bbd354330c94cc6f2a03d3bd0b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7cbc884e18f77e45905497da1278124d50ddd016476e84ee6256c472e9406c1c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9241F832A000269BCF106F7DDE905FE7BABAFA1754B245229E421DB784E731ED81C790
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 006A53A0
                                                                                                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006A5416
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006A5420
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 006A54A7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0e84cc7aba6c90765c4d67ce3a0fa9a73198b1b714a4d15d7a6472725be789b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 940cdfa53bb05569d055e9eadb2654942e4ed0d01cc7ba250c8c7bc6f667026a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e84cc7aba6c90765c4d67ce3a0fa9a73198b1b714a4d15d7a6472725be789b1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05319135A006049FC710EF68C484AE9BBF6EF5A305F188069E506DB352DB70DD86CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 006C3C79
                                                                                                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 006C3C88
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006C3D10
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 006C3D24
                                                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 006C3D2E
                                                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006C3D5B
                                                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 006C3D63
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2844f588ce750d5d8624d36e2ce9009b69c55bc84b33a04fd3c6178a37ce391a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9852ffae82777c9d453456779687833d2866faa9e6adab2611f287efbb4026fc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2844f588ce750d5d8624d36e2ce9009b69c55bc84b33a04fd3c6178a37ce391a
• Instruction Fuzzy Hash: 74414775A01219EFDB14CF64D854FEA7BB6FF49350F14402DE94AA7360D731AA10CB94
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00691F64
• GetDlgCtrlID.USER32 ref: 00691F6F
• GetParent.USER32 ref: 00691F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00691F8E
• GetDlgCtrlID.USER32(?), ref: 00691F97
• GetParent.USER32(?), ref: 00691FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00691FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: ef4ff7cd8db2db878bcad6ed4e606a4440f6d843a94246a31375c863bbe60e99
• Instruction ID: ed7e260bd5351b4080c563b8aa6b0ed49117e078f1dc4eae863489ea1074a690
• Opcode Fuzzy Hash: ef4ff7cd8db2db878bcad6ed4e606a4440f6d843a94246a31375c863bbe60e99
• Instruction Fuzzy Hash: 7921D470900218BBCF05AFA0CC85DFEBBBAEF06310F101519F965A7291CB755905DB74
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00692043
• GetDlgCtrlID.USER32 ref: 0069204E
• GetParent.USER32 ref: 0069206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 0069206D
• GetDlgCtrlID.USER32(?), ref: 00692076
• GetParent.USER32(?), ref: 0069208A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 0069208D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 19add47355465baf344fd834a6cb280c494b5bafe42cd66b15e1ec1c7dd07a91
• Instruction ID: 76920e33893ed28bf16a723293aeb772e692fd8d1bec29fe9b51cf069ea3f781
• Opcode Fuzzy Hash: 19add47355465baf344fd834a6cb280c494b5bafe42cd66b15e1ec1c7dd07a91
• Instruction Fuzzy Hash: 0F21F375D00218BBCF14AFA0CC95EFEBBBAEF05310F00140AF955A72A1CA754915DB70
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 006C3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 006C3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 006C3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006C3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 006C3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 006C3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 006C3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 006C3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 006C3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 006C3C13
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 7939209823d00089838a35427055975ecc8051f0adca3034fc4776b75c7d5432
• Instruction ID: 4db7a3e85cffc2a39ff6946b7404a707786e4b8a0f72509b584924b3c2e4f299
• Opcode Fuzzy Hash: 7939209823d00089838a35427055975ecc8051f0adca3034fc4776b75c7d5432
• Instruction Fuzzy Hash: BD616775A00258AFDB10DFA8CC81EFE77B9EB09710F108199FA15A73A1C774AE41DB64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0069B151
                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B165
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0069B16C
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B17B
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0069B18D
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1A6
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1B8
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B1FD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B212
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0069A1E1,?,00000001), ref: 0069B21D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 04100650cb9ced095bbd767dd24f56cf5603d8b300540a452f776ff61e618913
• Instruction ID: d91289aa0f4e603cf259cb3cc1460b4b9f03c6d95e8793a63cca268908e91bee
• Opcode Fuzzy Hash: 04100650cb9ced095bbd767dd24f56cf5603d8b300540a452f776ff61e618913
• Instruction Fuzzy Hash: 90318E71500204EFDF109F25EE48FBD7BAFEB51321F14A115FA05DA690DBB8AA418F64
APIs
• _free.LIBCMT ref: 00662C94
  • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
  • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
• _free.LIBCMT ref: 00662CA0
• _free.LIBCMT ref: 00662CAB
• _free.LIBCMT ref: 00662CB6
• _free.LIBCMT ref: 00662CC1
• _free.LIBCMT ref: 00662CCC
• _free.LIBCMT ref: 00662CD7
• _free.LIBCMT ref: 00662CE2
• _free.LIBCMT ref: 00662CED
• _free.LIBCMT ref: 00662CFB
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 8fd58b216464ed3ef03a6df00223c8698bc19884952db7106d344ca2f484f97c
• Instruction ID: a5d6193c08b685e3806df69be59f48760e4647ab2d45d02774135ba89d1ee5fe
• Opcode Fuzzy Hash: 8fd58b216464ed3ef03a6df00223c8698bc19884952db7106d344ca2f484f97c
• Instruction Fuzzy Hash: 57112B36600409BFCB46EF55D852CDC3BA6FF45780F4041A8F9485F232D631EE509B94
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006A7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A7FC1
• GetFileAttributesW.KERNEL32(?), ref: 006A7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 006A8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 006A8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006A80B0
Strings
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cadd2e885f73fdb83592fa2c1e82fa1aaac9ed2a989b480bf9df8f962cc57672
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 46e3d9c60edb627051499cdc7b6e32abcc40c756eb4f81eb5a8ba4d2d42f33d1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cadd2e885f73fdb83592fa2c1e82fa1aaac9ed2a989b480bf9df8f962cc57672
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8581AF725082459FCB24FF14C8449AAB3EABF8A310F144C6EF889D7251EB35DD498F92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00635C7A
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00635D0A: GetClientRect.USER32(?,?), ref: 00635D30
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00635D0A: GetWindowRect.USER32(?,?), ref: 00635D71
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00635D0A: ScreenToClient.USER32(?,?), ref: 00635D99
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32 ref: 006746F5
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00674708
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00674716
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0067472B
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00674733
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006747C4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0e2601072b06e06651135e08866effb70feb77c0907eb7f207e074ce9a559031
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4a9fcd97c466792f1d390e0455f490e98aded9cbe6a838706f47c817c1611963
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e2601072b06e06651135e08866effb70feb77c0907eb7f207e074ce9a559031
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C71B031500205DFCF258F64C988AFA7BB7FF4A364F148269ED5A5A2A6CB31D842DF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006A35E4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00702390,?,00000FFF,?), ref: 006A360A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cbfe834f73565fbdce1b98c92831d6bd0a2e0d30c7bc4970c159141c5ef8c01d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c2f44211927776a62a9184614480131dd060a022bd402991207b71798f1e8eb2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbfe834f73565fbdce1b98c92831d6bd0a2e0d30c7bc4970c159141c5ef8c01d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29516171C00219BBDF55EBA0CC42EEDBB7AEF05300F549129F105722A1DB715A95DFA8
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006AC272
                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006AC29A
                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006AC2CA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 006AC322
                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 006AC336
                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 006AC341
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00673AAF,?,?,Bad directive syntax error,006CCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006998BC
• LoadStringW.USER32(00000000,?,00673AAF,?), ref: 006998C3
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00699987
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 006920AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 006920C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0069214D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 006C5186
• ShowWindow.USER32(?,00000000), ref: 006C51C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 006C51CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 006C51D1
  • Part of subcall function 006C6FBA: DeleteObject.GDI32(00000000), ref: 006C6FE6
• GetWindowLongW.USER32(?,000000F0), ref: 006C520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 006C524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 006C5287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 006C5296
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dfba55669e425a94e2ef7bb903d62308ace5dbaf866f997cd30c21b82c679eb0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 47d6760dc4ab84cefa3408ba25b324da2dd1af2d9cf5e07cc0101bbf2eb1bd11
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfba55669e425a94e2ef7bb903d62308ace5dbaf866f997cd30c21b82c679eb0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C51A030A50A08BEEF209F24CC49FF97BA7EB05325F584119F516966E1C779BAC0DB40
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00686890
                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006868A9
                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006868B9
                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006868D1
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006868F2
                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00648874,00000000,00000000,00000000,000000FF,00000000), ref: 00686901
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0068691E
                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00648874,00000000,00000000,00000000,000000FF,00000000), ref: 0068692D
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: cae1b63481f31e1a2b8d397953edeec2b329509bf30f23d70c525ef73bc79d26
• Instruction ID: 912a6cd740fbd22ff2338d9ce5e4bf03ee78682817c2d98a66d4ae31a8139f3a
• Opcode Fuzzy Hash: cae1b63481f31e1a2b8d397953edeec2b329509bf30f23d70c525ef73bc79d26
• Instruction Fuzzy Hash: 73515870A00209EFDB20DF25CC55FAA7BB7EB58760F104618F956972E0DB70E991DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006AC182
• GetLastError.KERNEL32 ref: 006AC195
• SetEvent.KERNEL32(?), ref: 006AC1A9
  • Part of subcall function 006AC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006AC272
  • Part of subcall function 006AC253: GetLastError.KERNEL32 ref: 006AC322
  • Part of subcall function 006AC253: SetEvent.KERNEL32(?), ref: 006AC336
  • Part of subcall function 006AC253: InternetCloseHandle.WININET(00000000), ref: 006AC341
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 9f1af8f7e1b9719255151793b2d059b71999b25c73c918ff1e7322ce2ee8adeb
• Instruction ID: e4250e4930e81d935e51987ee7b5f93bc9416e3708a06d952a21ef208903c37a
• Opcode Fuzzy Hash: 9f1af8f7e1b9719255151793b2d059b71999b25c73c918ff1e7322ce2ee8adeb
• Instruction Fuzzy Hash: 30318C71200605AFDB21AFA5DD44AB6BBFAFF5A320B04441EF95A82710D731EE15DFA0
APIs
  • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
  • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
  • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006925BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006925DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006925DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 006925E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00692601
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00692605
                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0069260F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00692623
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00692627
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b0c5ab0b4d41b2ee4996a1a368d4fe998532ea087526af77d8909cfcb822539f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a6d2b105f9eb94615716949928a7aa619e6e458e2023abddf57ca13c2adc9eeb
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0c5ab0b4d41b2ee4996a1a368d4fe998532ea087526af77d8909cfcb822539f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA01D430790220BBFB106769DC8AF693F5EDB4EB22F111005F318AE1D1C9E224449AA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00691449,?,?,00000000), ref: 0069180C
• HeapAlloc.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 00691813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00691449,?,?,00000000), ref: 00691828
• GetCurrentProcess.KERNEL32(?,00000000,?,00691449,?,?,00000000), ref: 00691830
• DuplicateHandle.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 00691833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00691449,?,?,00000000), ref: 00691843
• GetCurrentProcess.KERNEL32(00691449,00000000,?,00691449,?,?,00000000), ref: 0069184B
• DuplicateHandle.KERNEL32(00000000,?,00691449,?,?,00000000), ref: 0069184E
• CreateThread.KERNEL32(00000000,00000000,00691874,00000000,00000000,00000000), ref: 00691868
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 503a569fc5f28999a874c8c6e59bb117ae833d3585ba8e5fcb10fe26db0bddf3
• Instruction ID: c550b02221e8c1eea311f2cdf180b947daf590424e2f2996c06aafe997e8b9f0
• Opcode Fuzzy Hash: 503a569fc5f28999a874c8c6e59bb117ae833d3585ba8e5fcb10fe26db0bddf3
• Instruction Fuzzy Hash: 3701CDB5240748BFE710AFB6DC4DF6B3BADEB89B11F055411FA09DB5A1CA749800DB20
APIs
Strings
Similarity
• API ID: __alldvrm$_strrchr
• String ID: }}e$}}e$}}e
• API String ID: 1036877536-2309951160
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: c4f0edf4155b5e4db7848facd6175275012361957119717d77de0214ee27b559
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 2AA12671E002969FDB25CF28C8917BABBE6EF66350F1441AEE5959B381CA348D82C750
APIs
  • Part of subcall function 0069D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0069D501
  • Part of subcall function 0069D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0069D50F
  • Part of subcall function 0069D4DC: CloseHandle.KERNELBASE(00000000), ref: 0069D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006BA16D
• GetLastError.KERNEL32 ref: 006BA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006BA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 006BA268
• GetLastError.KERNEL32(00000000), ref: 006BA273
• CloseHandle.KERNEL32(00000000), ref: 006BA2C4
Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6318e60bd9649a405b54dd325b9d86effd3228f3af67489df832d3398adf80c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 45b99aeb7245ca6f167215f43c4e2be4615d3260efd3fa2bba8741829a18602f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6318e60bd9649a405b54dd325b9d86effd3228f3af67489df832d3398adf80c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6619270204241AFD710DF59C494FA5BBE6AF44318F18849CF45A4BB93C772ED85CB92
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 006C3925
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 006C393A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 006C3954
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006C3999
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 006C39C6
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 006C39F4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c8644630e600642d4be5bf2d13071a3978df967e303d531e590e30a045d8a5bb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 97794cceba19afc483ccd339241fed0a5ba08ea9f099e4d8956b0745e2e149a1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8644630e600642d4be5bf2d13071a3978df967e303d531e590e30a045d8a5bb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D41A371A00219ABDF219F64CC45FFA7BAAEF08354F10452AF958E7381D775DA80CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0069BCFD
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 0069BD1D
                                                                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 0069BD53
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00CB7838), ref: 0069BDA4
                                                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(00CB7838,?,00000001,00000030), ref: 0069BDCC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 87ec12e5702a6f4ec70cb599bf58effc5d61e6cd77bba364642ce00953c4da23
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f240e8da2822943e0bc72f14a61f24361273d8c824ce697f14e3e17f950b9ebc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87ec12e5702a6f4ec70cb599bf58effc5d61e6cd77bba364642ce00953c4da23
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5051AD70A002099BDF10CFA8EA88BEEBBFEAF45324F146159E405A7790D7709949CB61
APIs
• _ValidateLocalCookies.LIBCMT ref: 00652D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00652D53
• _ValidateLocalCookies.LIBCMT ref: 00652DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00652E0C
• _ValidateLocalCookies.LIBCMT ref: 00652E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: &He$csm
• API String ID: 1170836740-3927386944
• Opcode ID: 314521653874fbe3d5e2a87aceff633705e17915ded4d1ac7691e4b12c6acaed
• Instruction ID: c21be49ebf434e2db91cef3a3b37747ca623853331dffaeba16870aef6e7cf32
• Opcode Fuzzy Hash: 314521653874fbe3d5e2a87aceff633705e17915ded4d1ac7691e4b12c6acaed
• Instruction Fuzzy Hash: EA41A634E0021ADBCF14DF68C855ADEBBB6BF46366F148159EC146B352D731AA09CBD0
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0069C913
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 0da13534c9e45fb7a4d2f6376dbb4a36e91d59e441ba54ea0c4e45ec25a1d377
• Instruction ID: b9de1cb482d869692ae94ddd2d5c718324ecc556be74e0df7b7544559a28aebc
• Opcode Fuzzy Hash: 0da13534c9e45fb7a4d2f6376dbb4a36e91d59e441ba54ea0c4e45ec25a1d377
• Instruction Fuzzy Hash: AA110D3168D30ABAEF056B55DC83CFA779EDF15379B20002EF904A6682DB705D415368
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: fd13538ab040fcc90c0a4036b8f3e57f3f5a9405cb37fb6394199e388863c20f
• Instruction ID: 7c000348254053af0c725491c7d57f20c62d5c33e20cae30be1020a73dbe1af3
• Opcode Fuzzy Hash: fd13538ab040fcc90c0a4036b8f3e57f3f5a9405cb37fb6394199e388863c20f
• Instruction Fuzzy Hash: 8F112671904109AFCF60AB64DC4AEFF77AEDF10761F0101BDF509AA191EF71CA818A64
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 26457b0daddb811eca9b9b830a0837a60ef1593434d44a9661ed46f209fc7960
• Instruction ID: 66536846cd0d031f1760631de94e258d1242a7b80618dbf55b189b6930f17baf
• Opcode Fuzzy Hash: 26457b0daddb811eca9b9b830a0837a60ef1593434d44a9661ed46f209fc7960
• Instruction Fuzzy Hash: CB41B065C1021865CB51EBB4C88A9DFB3AEAF05311F40846AF918E3522EB34E349C3E9
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0064F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0068F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 0068F454
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f752b948b5f0a7d363791f69fb70008c58e75927954bb2bc6ddec018ef91e1cc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: abd0a3b6dc99e454293448b08fc25e6400fb6f8b56cfe21c1a5da34b5612c567
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f752b948b5f0a7d363791f69fb70008c58e75927954bb2bc6ddec018ef91e1cc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A411831618680FFD7399F298888BBA7BD3AF56324F18553DF08B56761C732A881CB51
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 006C2D1B
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 006C2D23
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006C2D2E
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 006C2D3A
                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 006C2D76
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 006C2D87
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,006C5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 006C2DC2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 006C2DE1
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7f3a60a584ee969e569eb97cde8590baa53adab3ff5313f5d043aeb0ab39e46c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c67d87e1f323b139a633731e6526b666f13d443d98f5f682196e4add910d8408
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f3a60a584ee969e569eb97cde8590baa53adab3ff5313f5d043aeb0ab39e46c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3319C72201214BFEB118F50CC8AFFB3BAAEF19721F084055FE099A291C6759C41CBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 13d375a450ede4e9e1fd21143de0d093dce2100a5d0fb13787132be02535644c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 83714a915d3fae7a27a37574a26a3daf2c15caaf0e9e9bf810756fb821f5e71f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13d375a450ede4e9e1fd21143de0d093dce2100a5d0fb13787132be02535644c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6921F571740A09779A165A209DB2FFB334FEF21385F440029FD069EA81FB21EE1583A9
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 598a5dd9e5ac18a494e949f12aec98755574beab1bac0dd3758ed279162bc7ea
• Instruction ID: 985d988988ad5b51c8869cc1df8afe3048e5c1780ea906f79f173cc0fc23c9b2
• Opcode Fuzzy Hash: 598a5dd9e5ac18a494e949f12aec98755574beab1bac0dd3758ed279162bc7ea
• Instruction Fuzzy Hash: 91D19FB1A0060A9FDF14DF98C881BEEB7B6BF48354F148069E916AB381E771DD85CB50
APIs
• GetCPInfo.KERNEL32(?,?), ref: 006715CE
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00671651
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006716E4
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006716FB
  • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00671777
• __freea.LIBCMT ref: 006717A2
• __freea.LIBCMT ref: 006717AE
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 0df51417af9b5813fb6401ce84c0beae384576a3b60e01fa735e3b98577f2ee7
• Instruction ID: 1c63d46d7ca5a77707fdd51a49ecaac6c469869d59cf21c8202a96a5a9418af5
• Opcode Fuzzy Hash: 0df51417af9b5813fb6401ce84c0beae384576a3b60e01fa735e3b98577f2ee7
• Instruction Fuzzy Hash: 899185B1E002169AEF288E7CC851EEE7BB79F46710F18865AE809EF241D735DD45C7A0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 72c1da21ad14396c05f9de357dbb04471a671d9fc6d0349f872e2d50b07ec280
• Instruction ID: 0baaa058638b39449a84328d5db74abd84df8d007de2deb04f3f6b0095e26203
• Opcode Fuzzy Hash: 72c1da21ad14396c05f9de357dbb04471a671d9fc6d0349f872e2d50b07ec280
• Instruction Fuzzy Hash: FF9176B1A00215ABDF24CF65C844FEE7BBAEF46714F10855DF505AB282DB709985CF90
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006A125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006A1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006A12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006A1430
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: cd963e7dea160f213faf6185fe176348aad0bcee6488341565e12b26c5be8b76
• Instruction ID: 2f64bcce522382f5a283911503e7aeda328f69d08be59daed31a6d1538200821
• Opcode Fuzzy Hash: cd963e7dea160f213faf6185fe176348aad0bcee6488341565e12b26c5be8b76
• Instruction Fuzzy Hash: 75919E719002099FDB40AF98C885BBEB7F6FF46325F148029E541EB291D774AD41CF94
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2e6ce1df52bf2cf5c50c18e9b8ba03639b864dc5da700e45673e3ae0d0734811
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 27c0d4f6a45310135206db172cec6607e05003279b23f5d713897712e47c2924
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e6ce1df52bf2cf5c50c18e9b8ba03639b864dc5da700e45673e3ae0d0734811
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4912671D40219EFCB14CFA9CC84AEEBBBAFF49320F248159E515B7251D375AA42CB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 006B396B
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 006B3A7A
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006B3A8A
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 006B3C1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006A0CDF: VariantInit.OLEAUT32(00000000), ref: 006A0D1F
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006A0CDF: VariantCopy.OLEAUT32(?,?), ref: 006A0D28
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006A0CDF: VariantClear.OLEAUT32(?), ref: 006A0D34
                                                                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 061f2040c6d5312fef3078fe9a8fa1cebad9a90e0b6f89806b3bbf85b304c0ca
• Instruction ID: 4808ae7f76a45ae96a9aa83dc45fcfd663313c71765ac1081adfd55eaabefc5d
• Opcode Fuzzy Hash: 061f2040c6d5312fef3078fe9a8fa1cebad9a90e0b6f89806b3bbf85b304c0ca
• Instruction Fuzzy Hash: 03917AB56083159FC744DF24C4809AAB7E6FF89314F14882DF8899B351DB30EE46CB96
APIs
  • Part of subcall function 0069000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?,?,0069035E), ref: 0069002B
  • Part of subcall function 0069000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690046
  • Part of subcall function 0069000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690054
  • Part of subcall function 0069000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?), ref: 00690064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 006B4C51
• _wcslen.LIBCMT ref: 006B4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 006B4DCF
• CoTaskMemFree.OLE32(?), ref: 006B4DDA
Strings
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 353df73baf4130d8d84d1eac04942656e8986e75d805be9d01aa8c81185e83ac
• Instruction ID: 560c67757f96a1987494aa5c114bfce5be14cb2e980ddda0b2465b1a028bc288
• Opcode Fuzzy Hash: 353df73baf4130d8d84d1eac04942656e8986e75d805be9d01aa8c81185e83ac
• Instruction Fuzzy Hash: 849108B1D0021DAFDF14DFA4C891EEEBBBABF08310F104569E915A7251DB709A45CFA0
APIs
• GetMenu.USER32(?), ref: 006C2183
• GetMenuItemCount.USER32(00000000), ref: 006C21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 006C21DD
• _wcslen.LIBCMT ref: 006C2213
• GetMenuItemID.USER32(?,?), ref: 006C224D
• GetSubMenu.USER32(?,?), ref: 006C225B
  • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
  • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
  • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006C22E3
  • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4e0807f2a600edd3ac5250e3cbaab9f29520dc374e3875e6ce88c86d8991ee04
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3fa1aab453883d1625762fdbe870ccda472b6a251c79a5a2048999f6ebb9af0e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e0807f2a600edd3ac5250e3cbaab9f29520dc374e3875e6ce88c86d8991ee04
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B716D75A00216AFCB54EF64C851EBEB7F6EF88320F14845DE916AB341DB34EE418B90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00CB7770), ref: 006C7F37
                                                                                                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00CB7770), ref: 006C7F43
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 006C801E
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00CB7770,000000B0,?,?), ref: 006C8051
                                                                                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 006C8089
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00CB7770,000000EC), ref: 006C80AB
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 006C80C3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3e6b7cd7ae394655172ebed7779be348bae8a453053b7300ddeaebc804cda4ee
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 77d0f1704886c4a2880c1090578c6a2c25656844ab7acde5f2426ff526f78143
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e6b7cd7ae394655172ebed7779be348bae8a453053b7300ddeaebc804cda4ee
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8717774608244AFEB219F64C8D4FFABBBAEF09340F14409DE965973A1CB31A845DF60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 0069AEF9
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0069AF0E
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0069AF6F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0069AF9D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0069AFBC
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0069AFFD
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0069B020
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f01172435494d1d9c52be9113ce2a7c0e960c72cd347995cc4f0cd3225d9fc05
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1a58bc9beb5a705c7a9de6a29e2fc8b0607954c56b41e211fd6c9f0b98e824c3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f01172435494d1d9c52be9113ce2a7c0e960c72cd347995cc4f0cd3225d9fc05
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4651DFA0A047D53DFF3683748D49BFABEEE5B06304F089589E1D985DC2C398A8C8D791
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 0069AD19
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0069AD2E
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 0069AD8F
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0069ADBB
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0069ADD8
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0069AE17
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0069AE38
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 3d44e88c053cfbaf5f47588f24bb6a4b64166cac5ac40b14cd2b0a5ad55d2b14
• Instruction ID: a8cf5443ea220622814dbb3e948f9a14d31fc91173ca60c3128664f46ee4cda6
• Opcode Fuzzy Hash: 3d44e88c053cfbaf5f47588f24bb6a4b64166cac5ac40b14cd2b0a5ad55d2b14
• Instruction Fuzzy Hash: 0C51E5B05047D13DFF3683A48C45BBA7EEE5F46300F088488E1D546DC2C294EC88E792
APIs
• GetConsoleCP.KERNEL32(00673CD6,?,?,?,?,?,?,?,?,00665BA3,?,?,00673CD6,?,?), ref: 00665470
• __fassign.LIBCMT ref: 006654EB
• __fassign.LIBCMT ref: 00665506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00673CD6,00000005,00000000,00000000), ref: 0066552C
• WriteFile.KERNEL32(?,00673CD6,00000000,00665BA3,00000000,?,?,?,?,?,?,?,?,?,00665BA3,?), ref: 0066554B
• WriteFile.KERNEL32(?,?,00000001,00665BA3,00000000,?,?,?,?,?,?,?,?,?,00665BA3,?), ref: 00665584
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 50a0c581095cb575df0d23125b02ea1868adacdefcf7af8a8bb9ea551f9b6bd5
• Instruction ID: dec3dd0436dcbab47e344bef4bfa9b47e8292357864890b547592ed99d1c1830
• Opcode Fuzzy Hash: 50a0c581095cb575df0d23125b02ea1868adacdefcf7af8a8bb9ea551f9b6bd5
• Instruction Fuzzy Hash: 4B51A3B1A006499FDB10CFA8D846AEEBBFAEF09310F14415EF556E7291D730AA41CB64
APIs
  • Part of subcall function 006B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
  • Part of subcall function 006B304E: _wcslen.LIBCMT ref: 006B309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 006B1112
• WSAGetLastError.WSOCK32 ref: 006B1121
• WSAGetLastError.WSOCK32 ref: 006B11C9
• closesocket.WSOCK32(00000000), ref: 006B11F9
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 076cb180292e099519fd402c0ca5df0542a60f64c4738d6f7d73b570541e621c
• Instruction ID: 4aa907dc407fb77d828356900631aa0b987e8706b622180b3e8e46318760206a
• Opcode Fuzzy Hash: 076cb180292e099519fd402c0ca5df0542a60f64c4738d6f7d73b570541e621c
• Instruction Fuzzy Hash: C341D475600214AFDB109F18C894BEABBEBEF46364F548059F9199F391C770AD81CBE1
APIs
  • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0069CF22,?), ref: 0069DDFD
  • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0069CF22,?), ref: 0069DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0069CF45
• MoveFileW.KERNEL32(?,?), ref: 0069CF7F
• _wcslen.LIBCMT ref: 0069D005
• _wcslen.LIBCMT ref: 0069D01B
• SHFileOperationW.SHELL32(?), ref: 0069D061
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2439aefa657aa49cb3280b62c1e306a287b143aa336d5513c237c05c568db5e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 369dbb3c70b711e545db354e59c3ca65ce517f84e2c6cbb1b23a9a8c7a51c1aa
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2439aefa657aa49cb3280b62c1e306a287b143aa336d5513c237c05c568db5e0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 034158719051185FDF52EFA4D981EEDB7BEAF44390F0000EAE509EB641EA34A788CB54
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 006C2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 006C2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 006C2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 006C2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 006C2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 006C2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C2F0B
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: c0c3bf3f227dce81e1922cdecbde1ad0d65cfcda22eaeacc183f030515827d2e
• Instruction ID: cf94f50da91627dcf7eac0d7216ede849df9e0c44ddaf5408eae97f73bb2742d
• Opcode Fuzzy Hash: c0c3bf3f227dce81e1922cdecbde1ad0d65cfcda22eaeacc183f030515827d2e
• Instruction Fuzzy Hash: 6E311230644256EFDB20DF18DCA4FA537E2EB8A720F1541A8FA04EB2B1CB71A8409B40
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0069778F
• SysAllocString.OLEAUT32(00000000), ref: 00697792
• SysAllocString.OLEAUT32(?), ref: 006977B0
• SysFreeString.OLEAUT32(?), ref: 006977B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 006977DE
• SysAllocString.OLEAUT32(?), ref: 006977EC
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 1654b44ecc3497aa317fa52b9fd4c9afddd87eab7210db5145b1315edc521312
• Instruction ID: e540ec056a30c53b76db281dfec17a50c06341d9f771a2e1ff3713b4d382d224
• Opcode Fuzzy Hash: 1654b44ecc3497aa317fa52b9fd4c9afddd87eab7210db5145b1315edc521312
• Instruction Fuzzy Hash: 81219076614219AFDF10DFA9CC88CFB77EEEB097647048025FA19DB260D670DC428764
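The "APIs" listings above are the per-function call traces the report extracts for each disassembled function: one line per call site, with the API name, its module, the recovered argument values (or "?" where a value was not recovered) and the call-site address after "ref:". The parser below is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling. It reads lines in exactly the shape printed above (the two sample inputs are copied from the SendMessageW and StringFromGUID2 listings on this page), decodes the hexadecimal arguments, and adds two checks an analyst otherwise does by hand: it names the BM_GETCHECK (0x00F0) and BM_SETCHECK (0x00F1) button messages passed as the Msg argument of SendMessageW, and it confirms that the cchMax of 0x28 (40) handed to StringFromGUID2 is large enough for a braced GUID string (38 characters plus the terminating NUL, so at least 39). The message-name table and the buffer-size check are this example's own additions; the report itself does not state them.

```python
"""Parse the per-function "APIs" listing of a Joe Sandbox report.

Added example, not part of the Joe Sandbox report or its tooling.
The sample input below is copied from the listings on this page; the
window-message names and the StringFromGUID2 buffer check are this
example's own additions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Two line shapes occur in the report:
#   "• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 006C2E1C"
#   "• SysAllocString.OLEAUT32 ref: 0069788C"   (argument list not recovered)
_API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Button-control messages from winuser.h; the trace passes them as Msg.
WINDOW_MESSAGES = {0x00F0: "BM_GETCHECK", 0x00F1: "BM_SETCHECK"}

# A braced GUID string is 38 characters; StringFromGUID2 fails unless
# cchMax also leaves room for the terminating NUL, i.e. cchMax >= 39.
GUID_STRING_CCH = 39


@dataclass
class ApiCall:
    api: str
    module: str
    args: Optional[List[Optional[int]]]  # None when the report printed no list;
                                         # an element is None for an unknown "?"
    ref: int                             # call-site address from the "ref:" field


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Return the ApiCall for one report line, or None for any other line."""
    m = _API_LINE.match(line)
    if m is None:
        return None
    args = None
    if m.group("args") is not None:
        args = [None if tok.strip() == "?" else int(tok, 16)
                for tok in m.group("args").split(",") if tok.strip()]
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16))


def parse_api_block(text: str) -> List[ApiCall]:
    """Parse every API line in a block of report text, in listed order."""
    calls = [parse_api_line(ln) for ln in text.splitlines()]
    return [c for c in calls if c is not None]


def describe(call: ApiCall) -> str:
    """One-line analyst note: decode known message IDs, check GUID buffer size."""
    base = f"{call.ref:08X} {call.api}"
    if call.api == "SendMessageW" and call.args and len(call.args) >= 3:
        name = WINDOW_MESSAGES.get(call.args[1])
        if name is not None:
            return f"{base} {name} wParam={call.args[2]}"
    if call.api == "StringFromGUID2" and call.args and len(call.args) >= 3:
        cch = call.args[2]
        fits = cch is not None and cch >= GUID_STRING_CCH
        return f"{base} cchMax={cch} ({'fits' if fits else 'too small for'} a braced GUID + NUL)"
    return base


# Sample input: copied verbatim from the two API listings on this page.
SAMPLE_CHECKBOX = """
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 006C2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 006C2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 006C2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 006C2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 006C2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 006C2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C2F0B
"""

SAMPLE_GUID = """
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697868
• SysAllocString.OLEAUT32(00000000), ref: 0069786B
• SysAllocString.OLEAUT32 ref: 0069788C
• SysFreeString.OLEAUT32 ref: 00697895
• StringFromGUID2.OLE32(?,?,00000028), ref: 006978AF
• SysAllocString.OLEAUT32(?), ref: 006978BD
"""

if __name__ == "__main__":
    for block in (SAMPLE_CHECKBOX, SAMPLE_GUID):
        for call in parse_api_block(block):
            print(describe(call))
```

Lines that are not API calls (the Memory Dump Source, Similarity and hash lines that surround each listing) are ignored by the regular expression, so a whole report section can be fed to parse_api_block unchanged. Argument positions follow the Win32 prototypes, so for SendMessageW the second value is Msg and the third is wParam; the describe output for the 006C2EE0 call therefore reads as a BM_SETCHECK with wParam=1, i.e. the function sets a checkbox to checked.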
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00697868
• SysAllocString.OLEAUT32(00000000), ref: 0069786B
• SysAllocString.OLEAUT32 ref: 0069788C
• SysFreeString.OLEAUT32 ref: 00697895
• StringFromGUID2.OLE32(?,?,00000028), ref: 006978AF
• SysAllocString.OLEAUT32(?), ref: 006978BD
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f3f9b86fe70f43fe867b651903390f4161a10e680589fcd2ce17048d7213af60
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 51a949106dcf3d48006ccaee966d6270df876530fb7625ad6772c66c5002abbf
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f3f9b86fe70f43fe867b651903390f4161a10e680589fcd2ce17048d7213af60
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9216D31618204AFDF10AFA8DD88DBA77EEEB097607148135F915CB6A1DA70DC41CB64
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 006A04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006A052E
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 5f3e948519c3595557d64c93c442404c417648f5f5876888ef8912540cb4cfbb
• Instruction ID: 539ffce12801f324f5b7b6424206b821de2018c5d84199edecf348f850a6442c
• Opcode Fuzzy Hash: 5f3e948519c3595557d64c93c442404c417648f5f5876888ef8912540cb4cfbb
• Instruction Fuzzy Hash: 9021A2709003059FEF20AF29DD04AAA7BB6AF46764F204A18F8A1D22E0D7709D40CF20
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 006A05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006A0601
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 499346446244118eedad5688768451772580032636a73f2fa4d2c3d3cb589fad
• Instruction ID: ba31994ef18e0d26a02a81f4318494c6fee7e49f3d1d90b87699c1fd8be85a0d
• Opcode Fuzzy Hash: 499346446244118eedad5688768451772580032636a73f2fa4d2c3d3cb589fad
• Instruction Fuzzy Hash: 9C2153755003059BEB20AF69DC04EAA77E6BF96734F201A19F9A1E72D0D7709D61CF10
APIs
  • Part of subcall function 0063600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
  • Part of subcall function 0063600E: GetStockObject.GDI32(00000011), ref: 00636060
  • Part of subcall function 0063600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 006C4112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 006C411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 006C412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 006C4139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 006C4145
Strings
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 560de40bf705cb79d003f88fc7c655ce3a7fc5e650142f5a1104d5dd15b90393
• Instruction ID: ef84000ba22a23cfe70ff1147e807a34a0bb0ab34494c6ff1efe8d5a1824428b
• Opcode Fuzzy Hash: 560de40bf705cb79d003f88fc7c655ce3a7fc5e650142f5a1104d5dd15b90393
• Instruction Fuzzy Hash: 5A1193B1140119BEEF118F64CC85EF77F9EEF08798F014111FA18A2150CA769C21DBA4
APIs
  • Part of subcall function 0066D7A3: _free.LIBCMT ref: 0066D7CC
• _free.LIBCMT ref: 0066D82D
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D838
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D843
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D897
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D8A2
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D8AD
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D8B8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5ac71e68ee72cf17c80c0afab7efffc9d34396453aad71ed1b2e5e4c28630cab
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA115E71B40B04ABD6A1BFB1CC47FCB7FDEAF40B00F44092DB299A6092DA65F5058665
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0069DA74
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0069DA7B
                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0069DA91
                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 0069DA98
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0069DADC
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0069DAB9
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fb6924840cfd3bbd1395ca0cca18ea532f279d862c1826664c41b32831be6312
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 940bbd5a71df34d43ac54c612a2e50c09ef76ef1204991dcc6329b49427b1d27
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb6924840cfd3bbd1395ca0cca18ea532f279d862c1826664c41b32831be6312
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 950186F25002087FEB10ABA4DD89EF7376DE708311F4054A6F74AE2141EA749E854F74
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00CAF4B0,00CAF4B0), ref: 006A097B
                                                                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00CAF490,00000000), ref: 006A098D
                                                                                                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 006A099B
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 006A09A9
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006A09B8
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00CAF4B0,000001F6), ref: 006A09C8
                                                                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00CAF490), ref: 006A09CF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 95b61838fd2cae543868a3728cf7dd86e971ea0f80af8f915104836abc60f511
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6b806664754e569718a831f88984e32a31566db31b7c42bf2ed292a726625780
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95b61838fd2cae543868a3728cf7dd86e971ea0f80af8f915104836abc60f511
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AF01D31442902ABE7415B94EE88EE6BA26FF01712F403015F105908A0C7749965DF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00635D30
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00635D71
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00635D99
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00635ED7
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00635EF8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9c0d3345a64a6d0f49a824b6b3bb10bbd82a343cc3da7f7847379e0dcd6a81d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cd41b90beb72414225866b8d9738002a0c7d2841a6c95fd59367474c107f3ee7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c0d3345a64a6d0f49a824b6b3bb10bbd82a343cc3da7f7847379e0dcd6a81d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00B16835A0074ADBDB10CFA9C4847EAB7F2FF48310F14941AE8AAD7250DB34EA51DB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 006600BA
                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006600D6
                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 006600ED
                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066010B
                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00660122
                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00660140
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a1c6192f77c7afdae5a00931750a33ba6e247c02c993b887eb00343520e82c86
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F81E672A00706ABE7249F69CC41BABB3EBAF42324F24453EF951DB781E770D9448794
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006B3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,006B101C,00000000,?,?,00000000), ref: 006B3195
                                                                                                                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 006B1DC0
                                                                                                                                                                                                                                                                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006B1DE1
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006B1DF2
                                                                                                                                                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?), ref: 006B1E8C
                                                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 006B1EDB
                                                                                                                                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 006B1F35
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006939E8: _strlen.LIBCMT ref: 006939F2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0064CF58,?,?,?), ref: 00636DBA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0064CF58,?,?,?), ref: 00636DED
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1923757996-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3994d012792dbedd1e4c02c2028b70acc4e1814769c94ad5a7d5b1dbf23cbd3f
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2590c4a08ec25c4aff050050a79fc6dfaed019989c0b3777bba300a568eb862b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3994d012792dbedd1e4c02c2028b70acc4e1814769c94ad5a7d5b1dbf23cbd3f
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91A1C270104300AFC324DF24C895EAA7BEAAF85314F94894CF5565F2A2CB31ED86CB91
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006582D9,006582D9,?,?,?,0066644F,00000001,00000001,8BE85006), ref: 00666258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0066644F,00000001,00000001,8BE85006,?,?,?), ref: 006662DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006663D8
• __freea.LIBCMT ref: 006663E5
  • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
• __freea.LIBCMT ref: 006663EE
• __freea.LIBCMT ref: 00666413
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BC9F1
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA68
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BBD25
• RegCloseKey.ADVAPI32(00000000), ref: 006BBD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 006BBD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 006BBDF3
• RegCloseKey.ADVAPI32(?), ref: 006BBDFF
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 0068F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0068F860
• VariantCopy.OLEAUT32(0068FA64,00000000), ref: 0068F889
• VariantClear.OLEAUT32(0068FA64), ref: 0068F8AD
• VariantCopy.OLEAUT32(0068FA64,00000000), ref: 0068F8B1
• VariantClear.OLEAUT32(?), ref: 0068F8BB
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
                                                                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 006A94E5
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A9506
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006A952D
                                                                                                                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 006A9585
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4d6464d07e8d662dfcd6750eed5884fa6f5734f8eda1fa0451e2b72244235e80
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b2a3cd4d99902eec7db1e2c249be0c27da1848d12c7fcccc93e3afe255ac2019
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d6464d07e8d662dfcd6750eed5884fa6f5734f8eda1fa0451e2b72244235e80
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9E181319083509FD764EF24C481A6AB7E2BF85314F14896DF8899B3A2DB31DD05CFA6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00649241
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 006492A5
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 006492C2
                                                                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006492D3
                                                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00649321
                                                                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006871EA
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00649339: BeginPath.GDI32(00000000), ref: 00649357
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5c033eca0e0f4abf6b6898d88fb37703c1f93876195a1cf9357913b604c96b2a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bda3ec896babdc9ba1d21f1daf805be0366f72daa07c9b6374aad90e90ccbae0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c033eca0e0f4abf6b6898d88fb37703c1f93876195a1cf9357913b604c96b2a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C419D30144240EFD721DF25CC88FBB7BAAEF86324F144269F994872E1CB71A945DB61
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 006A080C
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006A0847
                                                                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 006A0863
                                                                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 006A08DC
                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006A08F3
                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 006A0921
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 37ebde2232a02108821094580ff14d54f78bfeef797e025cf9801f11fa4d6766
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: eaf372dd3a4977587e7cef7da65df868ee3978866f7c097251f82ac181342373
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37ebde2232a02108821094580ff14d54f78bfeef797e025cf9801f11fa4d6766
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B418971900205EFEF04AF54DC85AAAB7BAFF05310F1440A9ED049A297DB34EE65DBA4
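The records above are the per-function output of the Joe Sandbox IDA plugin: each lists the API calls the function makes (calls marked "Part of subcall function" are inherited from a callee at the given address), the memory dump the code was read from, an API ID that summarises the call set, and opcode/instruction fuzzy hashes for similarity matching. Reading these by hand does not scale across a report with hundreds of functions, so the following Python parser is added here as an example; it is not part of the report or of Joe Sandbox's tooling. It turns records in this layout into structured data, applies a small set of triage labels (the example's own heuristics, not Joe Sandbox signatures) and computes a cheap API-set overlap between functions. The EXCERPT string is constructed from two of the records above with the leading whitespace removed.

```python
"""Parse Joe Sandbox per-function records (the "APIs"/"Similarity" blocks in this
report) into structured data for triage and cross-sample comparison.
Added example, not part of the report or of Joe Sandbox; EXCERPT is constructed
from two records above and CAPABILITIES holds this example's own heuristics."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

EXCERPT = """\
APIs
  • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
• GetOpenFileNameW.COMDLG32(00000058), ref: 006A94E5
• _wcslen.LIBCMT ref: 006A9506
• GetSaveFileNameW.COMDLG32(00000058), ref: 006A9585
Similarity
• API ID: _wcslen$FileName$OpenSave
• Instruction Fuzzy Hash: F9E181319083509FD764EF24C481A6AB7E2BF85314F14896DF8899B3A2DB31DD05CFA6
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 006A080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006A0847
• EnterCriticalSection.KERNEL32(?), ref: 006A0863
• LeaveCriticalSection.KERNEL32(?), ref: 006A08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006A08F3
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• Instruction Fuzzy Hash: 0B418971900205EFEF04AF54DC85AAAB7BAFF05310F1440A9ED049A297DB34EE65DBA4
"""

# One "• Api.MODULE(args), ref: ADDR" line; the optional prefix marks calls that
# Joe Sandbox attributes to a callee of the function rather than to its own body.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
FIELD_LINE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                    # virtual address of the call site in the dump
    subcall_of: Optional[int]   # callee address when the call is inherited from a subroutine

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)

    @property
    def api_names(self) -> set:
        return {c.name for c in self.calls}

def parse_records(text: str) -> List[FunctionRecord]:
    """Split the report text into records; each "APIs" header starts a new one."""
    records: List[FunctionRecord] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FunctionRecord())
            section = line
        elif line in ("Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"):
            section = line
        elif records and section == "APIs" and (m := API_LINE.match(line)):
            args = m.group("args").split(",") if m.group("args") else []
            sub = m.group("sub")
            records[-1].calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
        elif records and section == "Similarity" and (m := FIELD_LINE.match(line)):
            records[-1].similarity[m.group("key").strip()] = m.group("val").strip()
    return records

# Triage heuristics (this example's own): a label applies when every listed API
# appears in the same function.
CAPABILITIES = {
    "file dialog shown to the user": {"GetOpenFileNameW", "GetSaveFileNameW"},
    "reads a handle under a lock (pipe/child-output reader pattern)": {"ReadFile", "EnterCriticalSection"},
    "drives GUI window state": {"ShowWindow", "EnableWindow"},
}

def capabilities(rec: FunctionRecord) -> List[str]:
    return [label for label, needed in CAPABILITIES.items() if needed <= rec.api_names]

def api_overlap(a: FunctionRecord, b: FunctionRecord) -> float:
    """Jaccard overlap of API-name sets: a cheap first pass before comparing the
    Instruction Fuzzy Hash values with a proper fuzzy-hash tool."""
    union = a.api_names | b.api_names
    return len(a.api_names & b.api_names) / len(union) if union else 0.0

if __name__ == "__main__":
    recs = parse_records(EXCERPT)
    for r in recs:
        print(r.similarity.get("API ID"), [c.name for c in r.calls], capabilities(r))
    print("overlap:", api_overlap(recs[0], recs[1]))
```

The `ref` addresses are virtual addresses inside the mapping listed under Memory Dump Source (base 00630000 here), so subtracting that base gives the offset to look up in the dumped image. The API-set overlap is deliberately coarse: two functions with identical API IDs but different Instruction Fuzzy Hash values are the interesting case, since that is where a variant has changed code without changing behaviour.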
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0068F3AB,00000000,?,?,00000000,?,0068682C,00000004,00000000,00000000), ref: 006C824C
• EnableWindow.USER32(?,00000000), ref: 006C8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 006C82D1
• ShowWindow.USER32(?,00000004), ref: 006C82E5
• EnableWindow.USER32(?,00000001), ref: 006C830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 006C832F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: aca1819a518423e9285c4dccde99b747d07472688694b13181b5e6854c7e05f4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 34e0296d85d26f7c9d415a10b9cde3696c444b11e0d0cbd22ed8c34e6e6ff788
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aca1819a518423e9285c4dccde99b747d07472688694b13181b5e6854c7e05f4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22418E34601684EFDB21CF55C899FF47BE2FB4A714F1852ADE5084B2A2CB35A941CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00694C95
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00694CB2
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00694CEA
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00694D08
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00694D10
                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00694D1A
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 57b4528dfb0a2ca0bdc48c2f30718e581d02982fa39ff085a402d258e82b80c4
• Instruction ID: b09b61f8307ab9e6de0cfc4a6b2bf4ba6d492ed3ee07d4250eac5c9a1ec43381
• Opcode Fuzzy Hash: 57b4528dfb0a2ca0bdc48c2f30718e581d02982fa39ff085a402d258e82b80c4
• Instruction Fuzzy Hash: 7621F935604200BBEF155B35DD49E7B7B9EDF45760F10402DF809CA291EE61DC4296A0
APIs
  • Part of subcall function 00633AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00633A97,?,?,00632E7F,?,?,?,00000000), ref: 00633AC2
• _wcslen.LIBCMT ref: 006A587B
• CoInitialize.OLE32(00000000), ref: 006A5995
• CoCreateInstance.OLE32(006CFCF8,00000000,00000001,006CFB68,?), ref: 006A59AE
• CoUninitialize.OLE32 ref: 006A59CC
Strings
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: e00d5a1a9fc48b156b72a67f80484215924bc2f7bfddc327c93efeb368947295
• Instruction ID: a48a87345789874e3c66622fc1bef3c8db4c3f8a1686f4a88e23f827ae9cb3a1
• Opcode Fuzzy Hash: e00d5a1a9fc48b156b72a67f80484215924bc2f7bfddc327c93efeb368947295
• Instruction Fuzzy Hash: 36D144756086019FC714EF15C490A6ABBE6FF8A720F14885DF88A9B361DB31EC45CF92
APIs
  • Part of subcall function 00690FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00690FCA
  • Part of subcall function 00690FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00690FD6
  • Part of subcall function 00690FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00690FE5
  • Part of subcall function 00690FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00690FEC
  • Part of subcall function 00690FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00691002
• GetLengthSid.ADVAPI32(?,00000000,00691335), ref: 006917AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 006917BA
• HeapAlloc.KERNEL32(00000000), ref: 006917C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006917DA
• GetProcessHeap.KERNEL32(00000000,00000000,00691335), ref: 006917EE
• HeapFree.KERNEL32(00000000), ref: 006917F5
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7b5675f80dc0f669d4937243d7ee998254505acad5d7c43f2682ac07928bfac3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e48a3e1659e810a77a9cdd592359de6eaa93ceb10556cc301088cee8d520f71
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b5675f80dc0f669d4937243d7ee998254505acad5d7c43f2682ac07928bfac3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28116A32600606EFDF109FA5CC49FFE7BAEEB46365F244018F4459B620D736AA45DB60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006914FF
                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00691506
                                                                                                                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00691515
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 00691520
                                                                                                                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0069154F
                                                                                                                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00691563
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b0c7079e5afc7de5748f68d250af9afe378a67d803cb0fb98afa4703337ceabf
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4d4b5fe76455b676267084c0bb1d4704adbad01d74ce14aca1b819a99e70f901
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0c7079e5afc7de5748f68d250af9afe378a67d803cb0fb98afa4703337ceabf
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85114AB250020AABDF11CF94DD49FEA7BAEFB49754F154014FA09A6160C3758E619B60
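The call chain listed for the function above (OpenProcessToken, CreateEnvironmentBlock, CreateProcessWithLogonW, DestroyEnvironmentBlock) is the sequence a program uses to start a child process under a different set of credentials: CreateProcessWithLogonW takes a user name, domain and password, and CreateEnvironmentBlock builds that user's environment from the token. The Python below is an added example, not part of this Joe Sandbox report or of the analysed sample. It parses "APIs" entries in exactly the form printed on this page, flags that credential-based launch chain and the token-to-SID copy chain seen in the preceding function, and rebuilds the report's "API ID" string using a tokenisation rule inferred from the IDs printed here (CamelCase split, tokens shorter than four characters dropped, grouped by frequency, alphabetical within a group, groups joined with "$"). That rule is an assumption rather than a documented Joe Sandbox algorithm; it reproduces the IDs of the two functions whose full call lists are visible on this page, and the numeric "API String ID" is not reconstructed. The embedded report excerpt is copied from the entries above; the first block is shown on the page only from its subcall lines onward, so its "APIs" header is supplied here.

```python
import re
from collections import Counter

# Constructed input: API entries copied from this report. The first block's
# own "APIs" header is not visible on the page and is supplied here.
REPORT = """\
APIs
• Part of subcall function 00690FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00690FD6
• Part of subcall function 00690FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00690FE5
• Part of subcall function 00690FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00690FEC
• Part of subcall function 00690FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00691002
• GetLengthSid.ADVAPI32(?,00000000,00691335), ref: 006917AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 006917BA
• HeapAlloc.KERNEL32(00000000), ref: 006917C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006917DA
• GetProcessHeap.KERNEL32(00000000,00000000,00691335), ref: 006917EE
• HeapFree.KERNEL32(00000000), ref: 006917F5
Memory Dump Source
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006914FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00691506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00691515
• CloseHandle.KERNEL32(00000004), ref: 00691520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0069154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00691563
Memory Dump Source
APIs
• GetLastError.KERNEL32(?,?,00653379,00652FE5), ref: 00653390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0065339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006533B7
• SetLastError.KERNEL32(00000000,?,00653379,00652FE5), ref: 00653409
Memory Dump Source
"""

# One entry as printed:  • [Part of subcall function ADDR: ]Name.MODULE[(args)], ref: ADDR
ENTRY_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

def parse_api_blocks(text):
    """Return one list of call dicts per function, in printed order.
    A block runs from an 'APIs' line to the next 'Memory Dump Source' line."""
    blocks, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = []
            blocks.append(cur)
        elif s == "Memory Dump Source":
            cur = None
        elif cur is not None and (m := ENTRY_RE.match(line)):
            args = m.group("args")
            cur.append({
                "api": m.group("api"),
                "module": m.group("mod"),
                "args": args.split(",") if args else [],
                "ref": int(m.group("ref"), 16),
                "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
            })
    return blocks

# CamelCase tokeniser: an uppercase-led word, or a run of non-uppercase (e.g. "___vcrt_").
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|[^A-Z]+")

def api_id(calls, min_len=4):
    """Inferred reconstruction of the report's 'API ID' (an assumption, not a
    documented Joe Sandbox algorithm): split API names on CamelCase, drop tokens
    shorter than min_len (Get, Sid, W), count them, order groups by descending
    count, sort alphabetically within a group, join groups with '$'."""
    counts = Counter(
        tok for c in calls for tok in TOKEN_RE.findall(c["api"]) if len(tok) >= min_len
    )
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))

# Ordered (not necessarily adjacent) API chains worth flagging in this listing.
CHAINS = {
    "process launched under alternate credentials":
        ("OpenProcessToken", "CreateEnvironmentBlock", "CreateProcessWithLogonW"),
    "SID copied out of an access token":
        ("GetTokenInformation", "GetLengthSid", "CopySid"),
}

def matches_chain(calls, chain):
    """True if every API in chain occurs in calls, in that order."""
    names = iter(c["api"] for c in calls)
    return all(any(name == want for name in names) for want in chain)

def flag_blocks(blocks):
    """Per function: reconstructed API ID, lowest ref of its own (non-subcall)
    calls, and the names of the chains it matches."""
    out = []
    for calls in blocks:
        own = [c["ref"] for c in calls if c["subcall"] is None]
        out.append({
            "api_id": api_id(calls),
            "first_ref": min(own) if own else None,
            "hits": [n for n, chain in CHAINS.items() if matches_chain(calls, chain)],
        })
    return out

if __name__ == "__main__":
    for b in flag_blocks(parse_api_blocks(REPORT)):
        print(f"{b['first_ref'] or 0:08X}  {b['api_id']}  {b['hits']}")
```

Feeding a whole report through this gives one row per function; the rows whose hits are non-empty are the places to open in the memory dump first, and the reconstructed API ID can be compared across reports to find the same function in other samples even when the Opcode and Instruction IDs differ.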
APIs
• GetLastError.KERNEL32(?,?,00653379,00652FE5), ref: 00653390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0065339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006533B7
• SetLastError.KERNEL32(00000000,?,00653379,00652FE5), ref: 00653409
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: deaeeecf6963baff66c1c99d005c9fec845de13a785e2deedb52f4c039fc29b6
• Instruction ID: d87b8a2b503d6e2a544bfa48efde14151040390cd1f4c345aec2eb15b378f99d
• Opcode Fuzzy Hash: deaeeecf6963baff66c1c99d005c9fec845de13a785e2deedb52f4c039fc29b6
• Instruction Fuzzy Hash: 1201B532609335AEE7552774BD959B62A97DB15BFBF20022DFC10853F0EF124D0A9548
APIs
• GetLastError.KERNEL32(?,?,00665686,00673CD6,?,00000000,?,00665B6A,?,?,?,?,?,0065E6D1,?,006F8A48), ref: 00662D78
• _free.LIBCMT ref: 00662DAB
• _free.LIBCMT ref: 00662DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0065E6D1,?,006F8A48,00000010,00634F4A,?,?,00000000,00673CD6), ref: 00662DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0065E6D1,?,006F8A48,00000010,00634F4A,?,?,00000000,00673CD6), ref: 00662DEC
• _abort.LIBCMT ref: 00662DF2
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 79df11afdf8becf11b6d6bb8b59587db6f600947e61d7904dbc6f2853f2927d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 84ef3c46291a669d2e4dd12e9c222b46090dcdf1a71065c097458539f31dc03c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79df11afdf8becf11b6d6bb8b59587db6f600947e61d7904dbc6f2853f2927d8
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92F0C831A04E4367C3526739BC36EAE255FAFC27B1F25051CF828923D2EF2489025264
APIs
  • Part of subcall function 00649639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
  • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496A2
  • Part of subcall function 00649639: BeginPath.GDI32(?), ref: 006496B9
  • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 006C8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 006C8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 006C8A70
• LineTo.GDI32(?,00000000,00000003), ref: 006C8A80
• EndPath.GDI32(?), ref: 006C8A90
• StrokePath.GDI32(?), ref: 006C8AA0
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 95df582d864c9f61c03b1cf2fdeae83e50bac5da9f9bbf8b8780d89beb6a280e
• Instruction ID: 9b51ea21ac2c3e9ea560ad0f1914b36f3ed4f2c87e68c3b5f967e96433b17d10
• Opcode Fuzzy Hash: 95df582d864c9f61c03b1cf2fdeae83e50bac5da9f9bbf8b8780d89beb6a280e
• Instruction Fuzzy Hash: 47110C76500148FFDB119F90DC48EEA7F6DEB04364F048015FA5996161C7729D55DFA0
APIs
• GetDC.USER32(00000000), ref: 00695218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00695229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00695230
• ReleaseDC.USER32(00000000,00000000), ref: 00695238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0069524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00695261
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 8ce79ec3487a0904cac93e92676bdf2579667c82b1985c9c097b73590c67d13b
• Instruction ID: a8ad2170a3681884bed36e813a93e36a87ea2eaa006833deba603589be4332b4
• Opcode Fuzzy Hash: 8ce79ec3487a0904cac93e92676bdf2579667c82b1985c9c097b73590c67d13b
• Instruction Fuzzy Hash: D4018475A01704BBEF105BA69C49E5EBF79EB44361F044066FA09A7280D6709900CB60
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00631BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00631BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00631C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00631C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00631C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00631C22
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 401b396637d4de2aa52170343409ac3a33a33dc9aa844efa54036d259ee5d8ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5f8d45e1b26a60ec8e1f6ea8ac9c405bd6fa4b597f38a7d2339b0a1d449ebdea
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 401b396637d4de2aa52170343409ac3a33a33dc9aa844efa54036d259ee5d8ea
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B40167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BE15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0069EB30
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0069EB46
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0069EB55
                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB64
                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB6E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0069EB75
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 86c5c9c2b677bc55e36a366e131dcb60c2f5ab323af713521cdf46cf40f021a6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2fd2cdd5cf60b1c2a907e383c312e3e9bb1b92b661a1127d5aa44c6ea7c04c23
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86c5c9c2b677bc55e36a366e131dcb60c2f5ab323af713521cdf46cf40f021a6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5BF0BE72600558BBE7205B639D0EEFF3E7DEFCAB25F001158F605D1490D7A01A01C6B4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 00687452
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00687469
                                                                                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 00687475
                                                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00687484
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00687496
                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 006874B0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 11451fa52282c2053de03c255314352f6b0b4afe8689ecd951dee76200721c60
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ede9d0444b83058bd9d1cbe3e67b81e87ac5486999e9e3e0282e2d60e95bb35e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11451fa52282c2053de03c255314352f6b0b4afe8689ecd951dee76200721c60
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7014B31400215EFDB51AFA4DD08FFE7BB6FB04321F655164F919A21A1CB316E52AB50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0069187F
                                                                                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0069188B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00691894
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0069189C
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 006918A5
                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 006918AC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 5d608b9ceba4c780e3d9c17948daa84e335c2087f3b2fd4ab92b7c3c9b822cda
• Instruction ID: 52d2bbf725a907b2efd2ce45542b7242bd1ea9397fa8d6adee914378a3982bc8
• Opcode Fuzzy Hash: 5d608b9ceba4c780e3d9c17948daa84e335c2087f3b2fd4ab92b7c3c9b822cda
• Instruction Fuzzy Hash: CAE0C236404901BBDB015BA2ED0CD1ABB2AFB49B32B109220F229C1870CB329420EB60

APIs
• __Init_thread_footer.LIBCMT ref: 0063BEB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%p$D%p$D%p$D%pD%p
• API String ID: 1385522511-3296756584
• Opcode ID: b1a00621a1043fe36e9f04ded98f818f9fc1729447c8d9423193537e18f50da8
• Instruction ID: 9d456e959021082e22f2cec1f720a39590c2280484583b9432abf9732a04e4a0
• Opcode Fuzzy Hash: b1a00621a1043fe36e9f04ded98f818f9fc1729447c8d9423193537e18f50da8
• Instruction Fuzzy Hash: B5914A75A0020ACFCB28CF58C4916A9B7F2FF58314F24A16EDA45AB351D771E982CBD4

APIs
  • Part of subcall function 00650242: EnterCriticalSection.KERNEL32(0070070C,00701884,?,?,0064198B,00702518,?,?,?,006312F9,00000000), ref: 0065024D
  • Part of subcall function 00650242: LeaveCriticalSection.KERNEL32(0070070C,?,0064198B,00702518,?,?,?,006312F9,00000000), ref: 0065028A
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 006500A3: __onexit.LIBCMT ref: 006500A9
• __Init_thread_footer.LIBCMT ref: 006B7BFB
  • Part of subcall function 006501F8: EnterCriticalSection.KERNEL32(0070070C,?,?,00648747,00702514), ref: 00650202
  • Part of subcall function 006501F8: LeaveCriticalSection.KERNEL32(0070070C,?,00648747,00702514), ref: 00650235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +Th$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3802862433
• Opcode ID: b5f1faf2a6db4a05393cfef14507d0f892e7498beadf8edd308c0b1d09ef78b1
• Instruction ID: 2b4353b75cc87b5c688d85f0c8d10c027345224a1a7fcda4b5c0e0744e5b7a31
• Opcode Fuzzy Hash: b5f1faf2a6db4a05393cfef14507d0f892e7498beadf8edd308c0b1d09ef78b1
• Instruction Fuzzy Hash: 4B9169B0A04209AFCB14EF94D8919EDBBB2EF84340F10805DF8069B392DB71AE81CB55

APIs
  • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0069C6EE
• _wcslen.LIBCMT ref: 0069C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0069C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0069C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: 721a5e62cb6ba843107d834a55f1881086cff93084dbfcfac36433b4c357cce6
• Instruction ID: ee84b3c510d12959e9e622422b7374f3956d899c6e19ad21a11639f541f1ee87
• Opcode Fuzzy Hash: 721a5e62cb6ba843107d834a55f1881086cff93084dbfcfac36433b4c357cce6
• Instruction Fuzzy Hash: 8D51F1716043009BDB509F68C885BAB77EEAF49320F040A2DF995D7AD0DB74D804DB96
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 006BAEA3
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
                                                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 006BAF38
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 006BAF67
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 68b4178cf8eee7f4198b97b034cbed63b2954117a26d377a703ed7288f6d6300
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 66c3180b962e26fe50efd90d33ff5f7bb5ad55639e633ca268ffe27dd56965a6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68b4178cf8eee7f4198b97b034cbed63b2954117a26d377a703ed7288f6d6300
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D67168B1A00619DFCB14DF94C484A9EBBF2BF08310F04849DE856AB362CB75ED85CB95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00697206
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0069723C
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0069724D
                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006972CF
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0c3bc331a6105f36d0c694b402ea4dc780510cff346b17d9f11db257aa0ebde6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4cd26c8b32087e9b193c6646c5f30a94cd99158c0e9e38bd41f08aa237d634de
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c3bc331a6105f36d0c694b402ea4dc780510cff346b17d9f11db257aa0ebde6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35415071624204DFDF15CF54C884AAA7BAEEF44710F1580AEFD059F60AD7B1DA45CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006C3E35
                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 006C3E4A
                                                                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006C3E92
                                                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 006C3EA5
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: bb8ff13b504074f6c8578c2cf0bbb934bf561a9a054455e002b24f879c0f6284
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9dee71c912b263ac9a2af47afd5c9ae5a975eecd0bc74769b1946efcbc93be03
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb8ff13b504074f6c8578c2cf0bbb934bf561a9a054455e002b24f879c0f6284
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51413675A00219EFDB10DF50D884EEABBBAFF49364F04816EE905A7350D730AE55CBA0
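The per-function blocks above list a function's own API calls, the calls it inherits from callees (`Part of subcall function ...`) and its similarity identifiers, but the report gives no per-function behaviour summary. The following Python script, added here as an example and not part of the Joe Sandbox report or of Joe Sandbox's tooling, parses that listing format into per-function call sequences, keeps inherited calls attributed to their callee address, names the `SendMessageW` message ids that appear in the listing (0x188, 0x189 and 0x18A are the documented winuser.h listbox messages LB_GETCURSEL, LB_GETTEXT and LB_GETTEXTLEN) and tags functions coarsely: process launch via `ShellExecuteExW`, a COM class factory resolved by hand through `GetProcAddress("DllGetClassObject")`, and listbox text reads. The embedded sample is a constructed, trimmed copy of three of the blocks on this page; the tag names, `PROCESS_APIS` grouping and helper functions are this example's own assumptions, not Joe Sandbox signatures.

```python
"""Turn Joe Sandbox per-function API listings into call sequences and tags.
Added example; not part of the report or of Joe Sandbox's own tooling."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of three of the function blocks on this page.
SAMPLE = """\
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 006BAEA3
  • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
• GetProcessId.KERNEL32(00000000), ref: 006BAF38
• CloseHandle.KERNEL32(00000000), ref: 006BAF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• Instruction Fuzzy Hash: D67168B1A00619DFCB14DF94C484A9EBBF2BF08310F04849DE856AB362CB75ED85CB95
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?), ref: 00697206
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0069724D
• SetErrorMode.KERNEL32(00000000), ref: 006972CF
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
APIs
  • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00691E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00691E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00691EA9
"""

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE(args), ref: XXXXXXXX  (the argument list and comma may be absent).
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
FIELD_RE = re.compile(r"•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Documented winuser.h listbox message ids matching the SendMessageW calls in the listing.
LB_MESSAGES = {0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT", 0x018A: "LB_GETTEXTLEN"}
# Assumed grouping of process-spawning APIs used only for tagging.
PROCESS_APIS = {"ShellExecuteExW", "ShellExecuteW", "CreateProcessW", "CreateProcessAsUserW"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # callee address when the call is inherited


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def direct_sequence(self) -> List[str]:
        """API names the function calls itself, in listing order."""
        return [c.api for c in self.calls if c.subcall_of is None]

    def callees(self) -> List[str]:
        """Addresses of subcalls whose API usage is folded into this block."""
        return sorted({c.subcall_of for c in self.calls if c.subcall_of})


def parse_report(text: str) -> List[FunctionBlock]:
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":  # every function block opens with its APIs section
            cur = FunctionBlock()
            blocks.append(cur)
            section = "APIs"
        elif line in SECTION_HEADERS:
            section = line
        elif cur is None:
            continue
        elif section == "APIs":
            m = API_RE.search(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
                cur.calls.append(ApiCall(m["api"], m["mod"], args, m["ref"].upper(), m["sub"]))
        else:
            m = FIELD_RE.match(line)
            if m:
                cur.fields[m["key"]] = m["val"].strip()
    return blocks


def decode_message(call: ApiCall) -> Optional[str]:
    """Name the uMsg argument of a SendMessageW call when it is a known LB_* id."""
    if call.api != "SendMessageW" or len(call.args) < 2:
        return None
    try:
        return LB_MESSAGES.get(int(call.args[1], 16))
    except ValueError:  # "?" means the sandbox could not resolve the argument
        return None


def tag_block(block: FunctionBlock) -> List[str]:
    """Coarse behavioural tags; the names are this example's own, not Joe Sandbox signatures."""
    tags: List[str] = []
    if set(block.direct_sequence()) & PROCESS_APIS:
        tags.append("process-launch")
    if any(c.api == "GetProcAddress" and "DllGetClassObject" in c.args for c in block.calls):
        tags.append("manual-com-server-load")  # class factory fetched by hand, not via CoCreateInstance
    if "LB_GETTEXT" in {decode_message(c) for c in block.calls}:
        tags.append("listbox-read")
    return tags


if __name__ == "__main__":
    for i, b in enumerate(parse_report(SAMPLE)):
        print(i, b.fields.get("API ID", "?"), "->".join(b.direct_sequence()),
              "subcalls=" + ",".join(b.callees()), tag_block(b))
```

Run it against a full report export by replacing `SAMPLE` with the file contents; the parser keys only on the `APIs` header and bullet lines, so the leading whitespace and `Download File` link text of a raw page copy do not matter.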
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00691E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00691E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00691EA9
  • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fd7d840e9750d8eca165403f1cc5c9544ff59864304892582698a87e293ce1d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8248cf6d09054c5d7a1f1116d797c65019e0748587fa4bbecdaf7a6e5d5c924a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd7d840e9750d8eca165403f1cc5c9544ff59864304892582698a87e293ce1d0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC212671A00104BADF149B60CC45CFFBBBFDF42360F20411DF815A76E0DB7449068A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-4004644295
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 02a71843e759bdcb52d5add4abbba9d3607253fdd495a2d5a818caefe3b4772a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3d56c80d79227755962481244229b5737eda090d5c661f0d3a52c7df037d37bc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02a71843e759bdcb52d5add4abbba9d3607253fdd495a2d5a818caefe3b4772a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D931D0B2A0016A8ACB20DF2C98515FE37A39BA1764F154029EC45AB385EA71CFC493A4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 006C2F8D
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 006C2F94
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 006C2FA9
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 006C2FB1
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 07d4307deba13bea37ee4488ac1d84233332dd8eb16b93c5807c3651ff06f828
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 02b0680ea10bbeeac24aa83e116a62b871f01c0efa7951e08d7e2adf6b7dba67
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07d4307deba13bea37ee4488ac1d84233332dd8eb16b93c5807c3651ff06f828
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E21DC7124020AABEB208F64DCA0FBB37BEEB58324F10521CFE20D2290C731DC419760
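The report prints SendMessageW message IDs as raw hex, so the ComboBox/ListBox block above and the SysAnimate32 block above are easier to triage once the IDs are resolved: 0x188, 0x18A and 0x189 are LB_GETCURSEL, LB_GETTEXTLEN and LB_GETTEXT (the function reads the text of the currently selected list-box item), and 0x467 is ACM_OPENW (an AVI resource is opened in an animation control from the module obtained by LoadLibraryW). The Python below is an added example, not part of the Joe Sandbox report: it parses lines in the report's `APIs` format, including the "Part of subcall function" form, and resolves the message IDs against a hand-written subset of the Win32 SDK constants. The sample lines are copied from the two blocks above; the constant table, the `ApiCall` type and the function names are mine.

```python
"""Decode the 'APIs' lines of a Joe Sandbox function block.

Added example; not part of the Joe Sandbox report. SAMPLE_* lines are copied
from the report blocks above. MESSAGE_NAMES is a small hand-written subset of
the Win32 SDK constants (winuser.h, commctrl.h), limited to IDs seen here.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Union

WM_USER = 0x0400
MESSAGE_NAMES = {
    0x0147: "CB_GETCURSEL",
    0x0148: "CB_GETLBTEXT",
    0x0149: "CB_GETLBTEXTLEN",
    0x0188: "LB_GETCURSEL",
    0x0189: "LB_GETTEXT",
    0x018A: "LB_GETTEXTLEN",
    WM_USER + 100: "ACM_OPENA",
    WM_USER + 101: "ACM_PLAY",
    WM_USER + 102: "ACM_STOP",
    WM_USER + 103: "ACM_OPENW",
}

# Accepts both line shapes used by the report:
#   "SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00691E66"
#   "Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A"
API_LINE = re.compile(
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")  # numeric arguments are printed as 8 hex digits

Arg = Union[int, str, None]  # hex literal, string literal (e.g. mscoree.dll), or '?' (unknown)


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int
    args: List[Arg] = field(default_factory=list)
    caller: Optional[int] = None  # set only for "Part of subcall function" lines

    def message_name(self) -> Optional[str]:
        """For SendMessageW(hWnd, uMsg, wParam, lParam), the symbolic name of uMsg."""
        if self.api != "SendMessageW" or len(self.args) < 2:
            return None
        msg = self.args[1]
        if not isinstance(msg, int):
            return None
        return MESSAGE_NAMES.get(msg, "0x%04X" % msg)


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one bullet of an 'APIs' list; returns None for non-API lines."""
    m = API_LINE.search(line.strip().lstrip("•").strip())
    if not m:
        return None
    args: List[Arg] = []
    raw = m.group("args")
    if raw:
        for a in (x.strip() for x in raw.split(",")):
            if a == "?":
                args.append(None)
            elif HEX8.match(a):
                args.append(int(a, 16))
            else:
                args.append(a)
    caller = m.group("caller")
    return ApiCall(m.group("api"), m.group("module"), int(m.group("ref"), 16),
                   args, int(caller, 16) if caller else None)


def decode_messages(lines: List[str]) -> List[str]:
    """Symbolic names of every SendMessageW uMsg in a block, in call order."""
    names = []
    for line in lines:
        call = parse_api_line(line)
        if call is not None:
            name = call.message_name()
            if name is not None:
                names.append(name)
    return names


SAMPLE_LISTBOX = [  # copied from the ComboBox/ListBox block above
    "• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00691E66",
    "• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00691E79",
    "• SendMessageW.USER32(?,00000189,?,00000000), ref: 00691EA9",
    "• Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A",
]
SAMPLE_ANIMATE = [  # copied from the SysAnimate32 block above
    "• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 006C2F8D",
    "• LoadLibraryW.KERNEL32(?), ref: 006C2F94",
    "• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 006C2FA9",
    "• DestroyWindow.USER32(?), ref: 006C2FB1",
]

if __name__ == "__main__":
    for label, block in (("listbox", SAMPLE_LISTBOX), ("animate", SAMPLE_ANIMATE)):
        print(label, decode_messages(block))
```

Unknown message IDs are returned as `0x....` rather than dropped, so a block whose IDs are missing from the table still shows up in the output and can be checked against the SDK headers by hand.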
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00654D1E,006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002), ref: 00654D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00654DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00654D1E,006628E9,?,00654CBE,006628E9,006F88B8,0000000C,00654E15,006628E9,00000002,00000000), ref: 00654DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 12a3d9d8d89b54efab13fe1a1b2fb60884e2a4f6a6153048c09efe9935282582
• Instruction ID: bff3eba58b4085affde322c26a6174dfe9fca2e136bd60adc35fe8cd9005cb71
• Opcode Fuzzy Hash: 12a3d9d8d89b54efab13fe1a1b2fb60884e2a4f6a6153048c09efe9935282582
• Instruction Fuzzy Hash: 68F04434940208BBEB115F95DC49FEDBFB6EF44766F040195FC09A6650CF315984CA90
APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E9C
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00634EAE
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00634EDD,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634EC0
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d48e710edfdf4c339f571d78b4a2bb2318ab1331c2af5cd9ebac66d5b55353b0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: df61961f3e8c086b1c0dd2f398b967eedef4a1db5b6fa47ac07470d7c19f382b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d48e710edfdf4c339f571d78b4a2bb2318ab1331c2af5cd9ebac66d5b55353b0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FE08635E016225BD32117266C18FBBA556AFC1B72B090115FD08D2310DF60DD0640E0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E62
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00634E74
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00673CDE,?,00701418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00634E87
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e089f4cbdade61bd638d4c740e834c0cd9f93432cf2a0605961d081a0f861985
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 53bf2c0137099204c53f70a7ee919b3d965e6e5990f9f9ab50b94ddb1a7750cc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e089f4cbdade61bd638d4c740e834c0cd9f93432cf2a0605961d081a0f861985
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFD0123690263157D7221B66AC18EEBAA1BAF85F7170A0515F909A2214CF60DD0285D0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2C05
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 006A2C87
                                                                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006A2C9D
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2CAE
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006A2CC0
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 969a1757255d06f07a3e4305ad6a600c578e917c8afc3533f329471d370d526c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 97108c9013a8c8f7c06decbddf28f172b97ecbc5452f9b9c4768af79dd7f90a9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 969a1757255d06f07a3e4305ad6a600c578e917c8afc3533f329471d370d526c
• Instruction Fuzzy Hash: 2FB15071900119ABDF55EBA8CC95EDEB7BEEF09310F1040AAF609E7141EB319E448FA5
APIs
• GetCurrentProcessId.KERNEL32 ref: 006BA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006BA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 006BA468
• CloseHandle.KERNEL32(?), ref: 006BA63D
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 1236acb2c1b584da05dfd18185e1bca1818afb8cfc5c09e231cedc8e5a95fe8b
• Instruction ID: 9183ffc3e831ca95438ba75a79ccd72ea26faf2e73272bc7939c0435db3b9434
• Opcode Fuzzy Hash: 1236acb2c1b584da05dfd18185e1bca1818afb8cfc5c09e231cedc8e5a95fe8b
• Instruction Fuzzy Hash: A9A1A4B16043009FD760DF14C886F6AB7E6AF84714F14885DF5999B392D770EC41CB95
APIs
  • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0069CF22,?), ref: 0069DDFD
  • Part of subcall function 0069DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0069CF22,?), ref: 0069DE16
  • Part of subcall function 0069E199: GetFileAttributesW.KERNEL32(?,0069CF95), ref: 0069E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0069E473
• MoveFileW.KERNEL32(?,?), ref: 0069E4AC
• _wcslen.LIBCMT ref: 0069E5EB
• _wcslen.LIBCMT ref: 0069E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0069E650
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 0c11385fe45a12284d7ca9dc4c4f00e3234613ed6d9f62245dfe8bb58694324b
• Instruction ID: 9ce26c71496867b8d46fc7fb458bed90c6e30c8f0f5cf0f674434fe4e862aa01
• Opcode Fuzzy Hash: 0c11385fe45a12284d7ca9dc4c4f00e3234613ed6d9f62245dfe8bb58694324b
• Instruction Fuzzy Hash: CA5164B24083459BCB64DB90D8819DFB3EEAF85350F00491EF589D3191EF75A68CCB6A
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 006BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006BB6AE,?,?), ref: 006BC9B5
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BC9F1
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA68
  • Part of subcall function 006BC998: _wcslen.LIBCMT ref: 006BCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006BBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006BBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 006BBB63
• RegCloseKey.ADVAPI32(?,?), ref: 006BBBA6
• RegCloseKey.ADVAPI32(00000000), ref: 006BBBB3
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: c9ab25aba2d18f6a95ff8a2d255c78ec399a3eb7cc307db05a20e8bb6bc42ce4
• Instruction ID: a5bb57caa4bfd6e035dfec3957e6f994a022e2b0ef5089e4bfd1033e6e65f162
• Opcode Fuzzy Hash: c9ab25aba2d18f6a95ff8a2d255c78ec399a3eb7cc307db05a20e8bb6bc42ce4
• Instruction Fuzzy Hash: 6A61A371208241AFD714DF14C890EAABBE6FF84318F14995CF4994B2A2DB71ED85CB92
APIs
• VariantInit.OLEAUT32(?), ref: 00698BCD
• VariantClear.OLEAUT32 ref: 00698C3E
• VariantClear.OLEAUT32 ref: 00698C9D
• VariantClear.OLEAUT32(?), ref: 00698D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00698D3B
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7f94cf4dee8f6ecdcc5f0d734e2de95ef48e120867888bdce947c69015a6a6d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5d223ce974b986d366252a2ad83e59f381d1fbba38d94d91fa1c10cd5a590fa5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f94cf4dee8f6ecdcc5f0d734e2de95ef48e120867888bdce947c69015a6a6d9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 825137B5A00619EFCB14CF68C894EAAB7FAFF89314B158559E909DB350E730E911CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006A8BAE
                                                                                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006A8BDA
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006A8C32
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006A8C57
                                                                                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006A8C5F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e866e7f016af70057c98e31364a6dfe5eba0b6609d8c8b26ef0fed10e4771c9b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0245341e486b5ace1d32e10aff3e61bd4b919025233954a6ee17012b0f185b5f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e866e7f016af70057c98e31364a6dfe5eba0b6609d8c8b26ef0fed10e4771c9b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3515E75A002189FCB14DF65C880E69BBF6FF49324F088458E84AAB362CB35ED51CF94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 006B8F40
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 006B8FD0
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 006B8FEC
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 006B9032
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 006B9052
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0064F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006A1043,?,753CE610), ref: 0064F6E6
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0064F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0068FA64,00000000,00000000,?,?,006A1043,?,753CE610,?,0068FA64), ref: 0064F70D
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e640120a13c63dae7b4f6eeca3e963c193a2801ef79c4ed68f34a5715d635910
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 43f7e8b232f797251628c9c805de59b81290f9d28e7dceace772752dab938565
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e640120a13c63dae7b4f6eeca3e963c193a2801ef79c4ed68f34a5715d635910
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78512975604205DFCB15EF58C4948EDBBB6FF49324F098098E90A9B362DB31ED86CB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 006C6C33
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 006C6C4A
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 006C6C73
                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,006AAB79,00000000,00000000), ref: 006C6C98
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 006C6CC7
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: d02cb28e4bc5f31c413c7be98638068d48adab1c0c55a23afbffa8d398a99839
• Instruction ID: f0c31a7fd8187a4e997a09489c2e7aa8da1a3b3ed3e9e86a81bc64be6529e2a3
• Opcode Fuzzy Hash: d02cb28e4bc5f31c413c7be98638068d48adab1c0c55a23afbffa8d398a99839
• Instruction Fuzzy Hash: 2E41CD35A00144AFDB24CF28CD58FF97BA6EB09360F15026CF899A73A0C771AD51CA88
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 57bd07a36d1ef9bf1e0a3f8f50bf4ca5592ff4d1785aebda4bc97be3caa530c4
• Instruction ID: 07e1dd9b8ec4335f5ccf0e9c64b95bb418e28053132b1184cf1804919b89d43f
• Opcode Fuzzy Hash: 57bd07a36d1ef9bf1e0a3f8f50bf4ca5592ff4d1785aebda4bc97be3caa530c4
• Instruction Fuzzy Hash: 1C410632A00605AFCB24DF78C990A9DB7F6EF89314F1545ACEA15EB351DB31AD01CB80
APIs
• GetCursorPos.USER32(?), ref: 00649141
• ScreenToClient.USER32(00000000,?), ref: 0064915E
• GetAsyncKeyState.USER32(00000001), ref: 00649183
• GetAsyncKeyState.USER32(00000002), ref: 0064919D
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 94957f42f7f93638e3c108de1052841855a297a43460a726fdea73f78550847b
• Instruction ID: a7e732b04071d1bf399310b68df9aa65906e17c3d3131984bdac8e4a8af6e212
• Opcode Fuzzy Hash: 94957f42f7f93638e3c108de1052841855a297a43460a726fdea73f78550847b
• Instruction Fuzzy Hash: CC41407190851BBBDF15AF64C848BFEB776FB05324F244319E469A72D0C730A950CB61
APIs
• GetInputState.USER32 ref: 006A38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 006A3922
• TranslateMessage.USER32(?), ref: 006A394B
• DispatchMessageW.USER32(?), ref: 006A3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006A3966
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: dda37dc97425e5d1cfb4309fdb14238ad10a98fdda94e77d12b678774f815c93
• Instruction ID: fc7d0ac2919993d502bdb233d3333dedf8a9ea9e51ad367dcccf10dbdcdb1ffb
• Opcode Fuzzy Hash: dda37dc97425e5d1cfb4309fdb14238ad10a98fdda94e77d12b678774f815c93
• Instruction Fuzzy Hash: FF31A370904351DEEB25EB249848BF777AAAB06304F44856DF456823E0F7B8AE85CF11
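The per-function "APIs" records in this listing can be parsed out of the report text and triaged automatically instead of being read one by one. The script below is an added example by the editor, not part of the Joe Sandbox report or its IDA plugin. The sample listing it embeds is constructed by copying three of the records on this page (the GetCursorPos/GetAsyncKeyState polling function, the message pump, and the InternetReadFile loop); the behaviour labels and the VK_NAMES table are the editor's own groupings, not Joe Sandbox signatures.

```python
import re

# Constructed sample input: three of the per-function "APIs" records copied
# from the Joe Sandbox IDA plugin listing on this page. In the report each
# record is an "APIs" header, one bullet per call site, then a
# "Memory Dump Source" header that starts the next block.
SAMPLE_LISTING = """\
APIs
• GetCursorPos.USER32(?), ref: 00649141
• ScreenToClient.USER32(00000000,?), ref: 0064915E
• GetAsyncKeyState.USER32(00000001), ref: 00649183
• GetAsyncKeyState.USER32(00000002), ref: 0064919D
Memory Dump Source
APIs
• GetInputState.USER32 ref: 006A38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 006A3922
• TranslateMessage.USER32(?), ref: 006A394B
• DispatchMessageW.USER32(?), ref: 006A3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006A3966
Memory Dump Source
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 006ACF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFF2
Memory Dump Source
"""

# One call-site bullet: "Name.MODULE(args), ref: ADDR". The argument list
# and the comma are optional because the plugin prints calls with no
# recovered arguments as "GetInputState.USER32 ref: 006A38CB".
API_LINE = re.compile(
    r"^(?:•\s*)?(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Editor's own behaviour groupings (hypothetical labels, not Joe Sandbox
# signatures): a function is tagged when its API set covers every name.
BEHAVIOURS = {
    "input polling (cursor position + async key state)": {"GetCursorPos", "GetAsyncKeyState"},
    "window message pump": {"PeekMessageW", "TranslateMessage", "DispatchMessageW"},
    "WinINet download loop": {"InternetQueryDataAvailable", "InternetReadFile"},
}

# Virtual-key codes for the constants that appear in this listing.
VK_NAMES = {0x01: "VK_LBUTTON", 0x02: "VK_RBUTTON"}


def parse_functions(listing):
    """Split the listing into per-function lists of call-site dicts."""
    functions, current = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            functions.append(current)
        elif line == "Memory Dump Source":
            current = None
        elif current is not None:
            m = API_LINE.match(line)
            if m:
                args = [a for a in (m["args"] or "").split(",") if a]
                current.append({"name": m["name"], "module": m["module"],
                                "args": args, "ref": m["ref"]})
    return functions


def classify(functions):
    """Tag each function with every behaviour its API set satisfies."""
    results = []
    for calls in functions:
        names = {c["name"] for c in calls}
        results.append({
            "first_ref": calls[0]["ref"] if calls else None,
            "apis": sorted(names),
            "behaviours": [label for label, need in BEHAVIOURS.items() if need <= names],
        })
    return results


def decode_vkeys(calls):
    """Resolve the constant vKey arguments of GetAsyncKeyState call sites."""
    keys = []
    for c in calls:
        if c["name"] == "GetAsyncKeyState" and c["args"] and c["args"][0] != "?":
            code = int(c["args"][0], 16)
            keys.append(VK_NAMES.get(code, "0x%02X" % code))
    return keys


if __name__ == "__main__":
    funcs = parse_functions(SAMPLE_LISTING)
    for calls, result in zip(funcs, classify(funcs)):
        print(result["first_ref"], result["behaviours"], decode_vkeys(calls))
```

Resolving the constant arguments is the useful part: the two GetAsyncKeyState call sites at 00649183 and 0064919D pass 0x01 and 0x02, which are VK_LBUTTON and VK_RBUTTON, so this particular function samples mouse-button state next to the cursor position rather than reading keyboard keys. Call sites whose arguments the plugin could not recover are printed as "?" and are left undecoded.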
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 006ACF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,006AC21E,00000000), ref: 006ACFF2
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
APIs
• GetWindowRect.USER32(?,?), ref: 00691915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 006919C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 006919C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 006919DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 006919E2
Similarity
• API ID: MessagePostSleep$RectWindow
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 006C5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 006C579D
• _wcslen.LIBCMT ref: 006C57AF
• _wcslen.LIBCMT ref: 006C57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 006C5816
Similarity
• API ID: MessageSend$_wcslen
APIs
• IsWindow.USER32(00000000), ref: 006B0951
• GetForegroundWindow.USER32 ref: 006B0968
• GetDC.USER32(00000000), ref: 006B09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 006B09B0
• ReleaseDC.USER32(00000000,00000003), ref: 006B09E8
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 792b9d31dbda99b4289880b531286bad34581d4df334dd6496a621f455945022
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 767d6ca29105ec2348b2932846bdbcac171dab2fae447952e68e5163c82e5017
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 792b9d31dbda99b4289880b531286bad34581d4df334dd6496a621f455945022
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29218175600204AFD744EF65C984EAEBBEAEF49750F04906CF84A97752CB30AC44CF90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0066CDC6
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0066CDE9
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0066CE0F
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066CE22
                                                                                                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0066CE31
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9cb36099e04a285998dd546cde874fe18ba5bb4fa82dd35526f483d22d5c62eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8965ddd50685a5e5d0822dcc8c8c9444b6dc19ae2706a29c1f2dba52a137a14c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cb36099e04a285998dd546cde874fe18ba5bb4fa82dd35526f483d22d5c62eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A018872A01A157FA32116BA6C58DBB797FDEC6FB1315012DF949C7201DA668D0281F4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 006496A2
                                                                                                                                                                                                                                                                                                                                                            • BeginPath.GDI32(?), ref: 006496B9
                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 006496E2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a42f21270608767684cb7116b453c3897a9e41bc4bcae027b6effcadb291d5a4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f309db705f02ce14c8230dd9bd173f8316f3de062009189f2b3757dbb1b41911
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a42f21270608767684cb7116b453c3897a9e41bc4bcae027b6effcadb291d5a4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D218330852345EFEF11DF25EC18BFA3B66BB51325F518315F414961B0D774A852CBA8
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: edfd8b835bd10de71e588b89ff46011a49de50cd88cf2e63621862b94b45f610
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f5fd96d59e64a1193ab284e1ef4892a9649198ec28cf37216841123dd13b21ce
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edfd8b835bd10de71e588b89ff46011a49de50cd88cf2e63621862b94b45f610
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8801F561341609BBDA095650ADA2FFB735FDB21395F004028FD069EA41FB30EF1583A5
APIs
• GetLastError.KERNEL32(?,?,?,0065F2DE,00663863,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6), ref: 00662DFD
• _free.LIBCMT ref: 00662E32
• _free.LIBCMT ref: 00662E59
• SetLastError.KERNEL32(00000000,00631129), ref: 00662E66
• SetLastError.KERNEL32(00000000,00631129), ref: 00662E6F
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: d4644ba10928bba67e25998af4e18b3a877e4870f72d16f28984c1ab2ca58964
• Instruction ID: eb692c8894d5016c743faf49a3cf3b6cf6a54ad5a379fedc9b95cfde720f44b7
• Opcode Fuzzy Hash: d4644ba10928bba67e25998af4e18b3a877e4870f72d16f28984c1ab2ca58964
• Instruction Fuzzy Hash: 6701F436645E0267C71267366CA5D7B265FABD17B5B25013CF529A23D2EF268C024160
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?,?,0069035E), ref: 0069002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?), ref: 00690064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0068FF41,80070057,?,?), ref: 00690070
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 7133a15f13d627b2ca2f7183829f6e88408e4ac326cee3977c952b63d6fb2316
• Instruction ID: 011180f0d0fb4457048e96366bd9f65a4d6f8e2b0973733e79ff877ae0aff129
• Opcode Fuzzy Hash: 7133a15f13d627b2ca2f7183829f6e88408e4ac326cee3977c952b63d6fb2316
• Instruction Fuzzy Hash: BA018B72601204BFEF108F68DC08FAA7EEFEB447A2F145124F909D2210E771DD408BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0069E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0069E9A5
• Sleep.KERNEL32(00000000), ref: 0069E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0069E9B7
• Sleep.KERNEL32 ref: 0069E9F3
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 002f45b503353e02cc39ff10d67b90c4ba890d50764d4988ebe80355a193b7c1
• Instruction ID: b9db18ec70318393340d28f57f91668e7b0b47d1a80735129038e4efa18c2d9c
• Opcode Fuzzy Hash: 002f45b503353e02cc39ff10d67b90c4ba890d50764d4988ebe80355a193b7c1
• Instruction Fuzzy Hash: 71015331C01629DBCF00EBE5DC59AEDBB7AFB09320F050946E902B2641CB399A519BA1
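The function at 0069E997 above is the one behind the "execution timing, often used to detect debuggers" signature: two QueryPerformanceCounter reads bracket a Sleep, which is how a sample measures whether a sandbox skipped or shortened the delay. When triaging many such per-function listings it is useful to parse the report's "• Api.Module(args), ref: ADDR" lines and flag this call shape automatically. The following is an added example written for this page, not Joe Sandbox's own code; the sample text is a slice copied verbatim from the listings above, and the sets of counter and delay APIs that define the pattern are an assumption for illustration.

```python
"""
Parse Joe Sandbox per-function API listings and flag functions whose call
sequence matches a timing check (counter read, delay, counter read).

Added example for this page, not part of the Joe Sandbox report or product.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: lines copied from the report excerpt on this page.
SAMPLE_REPORT = """\
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0069E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0069E9A5
• Sleep.KERNEL32(00000000), ref: 0069E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0069E9B7
• Sleep.KERNEL32 ref: 0069E9F3
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
Memory Dump Source
"""

# One call line: bullet, "Api.MODULE", optional "(args)", then "ref: ADDR".
# Both "Sleep.KERNEL32(00000000), ref: ..." and "_free.LIBCMT ref: ..." occur.
API_LINE = re.compile(
    r"^\s*•\s*(?P<api>[A-Za-z_][\w@]*)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed pattern definition: APIs that read a clock and APIs that delay.
COUNTER_APIS = {"QueryPerformanceCounter", "GetTickCount", "GetTickCount64", "timeGetTime"}
DELAY_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str  # address of the call site, as printed in the report


def parse_api_blocks(text: str) -> List[List[ApiCall]]:
    """Split the report text into per-function call lists.

    A block starts at an "APIs" header and ends at the next non-bullet
    header (e.g. "Memory Dump Source"); bullets that are not call lines
    are ignored.
    """
    blocks: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            blocks.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            current.append(ApiCall(
                m.group("api"), m.group("mod"),
                [a.strip() for a in args.split(",")] if args else [],
                m.group("ref").upper(),
            ))
        elif not line.startswith("•"):
            current = None  # header line closes the block
    return blocks


def has_timing_check(calls: List[ApiCall]) -> bool:
    """True if a delay call is preceded and followed by a counter read."""
    seen_counter = False
    for i, call in enumerate(calls):
        if call.api in COUNTER_APIS:
            seen_counter = True
        elif call.api in DELAY_APIS and seen_counter:
            if any(later.api in COUNTER_APIS for later in calls[i + 1:]):
                return True
    return False


def flag_timing_checks(text: str) -> List[str]:
    """Return the first call-site address of every block matching the pattern."""
    return [b[0].ref for b in parse_api_blocks(text) if b and has_timing_check(b)]


if __name__ == "__main__":
    for ref in flag_timing_checks(SAMPLE_REPORT):
        print(f"timing check pattern in function starting at ref {ref}")
```

Run against the two listings it embeds, the script flags only the block starting at 0069E997. The pattern is a lead, not proof of evasion: a precise-sleep loop in a benign runtime produces the same call shape, so confirm by inspecting what the code does with the measured interval after the second QueryPerformanceCounter (for example whether the process exits or changes path when the delay came back shorter than requested).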
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00691114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 0069112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00690B9B,?,?,?), ref: 00691136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0069114D
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1df8eee91f6150fc40dc3ada4f968a6976db100b0159aac90cfa9ab69b6834be
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 16df76b6714102c32dc4c128aaec55c5c231e5ffc552878e929b0c7f9933547b
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1df8eee91f6150fc40dc3ada4f968a6976db100b0159aac90cfa9ab69b6834be
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90011975200205BFDB114FA5DC4DEAA3B6FEF8A3A0B244419FA49D7360DB31DC019A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00690FCA
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00690FD6
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00690FE5
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00690FEC
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00691002
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 595c5aa419bba969082a22a6f23329be9cf6d40de348af7cc99cb09d26107537
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: da6660a2e51ed2ae817dfac063adfb327fe3cff74ee41337d34667525721c31a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 595c5aa419bba969082a22a6f23329be9cf6d40de348af7cc99cb09d26107537
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FF04F35200701ABDB214FA5DC49FA63B6EFF8A761F244414F949CB651CA71DC40CA60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0069102A
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00691036
                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00691045
                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0069104C
                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00691062
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3b2a89806c100c38da38f1b8401fd5c9e277ecac6f3786d85656e5d19712f365
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3df227716a0701eb82a87f29e41b034819e2da5cf4739c777b4baeb66fe4f23f
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b2a89806c100c38da38f1b8401fd5c9e277ecac6f3786d85656e5d19712f365
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CF06235200705EBDB215FA5EC49FA63B6FFF8A761F240414F949CB650CE72D8808A60
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0324
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0331
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A033E
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A034B
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0358
                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,006A017D,?,006A32FC,?,00000001,00672592,?), ref: 006A0365
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 395a0aba2be4b00fab66cb645759c345d4d7930f229da0a0259d453c41530203
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6b71d799e084f71c53d4040df81e5ddba163bab31bbacf67dae3e94de7bdbcba
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 395a0aba2be4b00fab66cb645759c345d4d7930f229da0a0259d453c41530203
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5401AE76800B169FDB30AF66D880852FBFABF613153158A3FD19652A31C3B1AD58DF80
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D752
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D764
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D776
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D788
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 0066D79A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6799d43ed881b5c625de54ca6118b8dfca791ff041e342baa33866f89647a16
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 676963c6985b0125f80c99e657f75e535af9dc10bfcdeae2561584517843d159
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6799d43ed881b5c625de54ca6118b8dfca791ff041e342baa33866f89647a16
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF06232B00609ABC765EB65FAC1C6A7FDFBB44760B941809F058D7601CB30FC80C665
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00695C58
                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00695C6F
                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00695C87
                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00695CA3
                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00695CBD
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5e6913e739ce20787fe399a67d52dc3bcf136ea3e02b3a230d55383f95931d54
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f28ce349d550acf7b88288895049f2702f837323eae3ad2f924c910fc08ee78d
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e6913e739ce20787fe399a67d52dc3bcf136ea3e02b3a230d55383f95931d54
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C016D30500B04EBEF215B15DE4EFE677BEBB00B15F00155DE687A19E1DBF0A9848B91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006622BE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000), ref: 006629DE
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 006629C8: GetLastError.KERNEL32(00000000,?,0066D7D1,00000000,00000000,00000000,00000000,?,0066D7F8,00000000,00000007,00000000,?,0066DBF5,00000000,00000000), ref: 006629F0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006622D0
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006622E3
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 006622F4
                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00662305
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 003aa14a8124f2c067b204a84f9ba42a1f4e2869d99dd1b4adc6516cadb3911e
• Instruction ID: 2461a2b9d2c8c26fe7ed23ecef43151897d33e6586dc2ccd14481b327b00e9bf
• Opcode Fuzzy Hash: 003aa14a8124f2c067b204a84f9ba42a1f4e2869d99dd1b4adc6516cadb3911e
• Instruction Fuzzy Hash: 6FF03A70A00926CBCB56AF95BC219583FA6B718BB5B40870EF410D22B1CF381911ABED
APIs
• EndPath.GDI32(?), ref: 006495D4
• StrokeAndFillPath.GDI32(?,?,006871F7,00000000,?,?,?), ref: 006495F0
• SelectObject.GDI32(?,00000000), ref: 00649603
• DeleteObject.GDI32 ref: 00649616
• StrokePath.GDI32(?), ref: 00649631
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 613fdbb23f9565cbddf31ec33b3789ca069d684f598f21efc0ff89de113d3664
• Instruction ID: d45ab384597543d2bf9af7ae3cacba380175845728e5842a13a223508e86dedf
• Opcode Fuzzy Hash: 613fdbb23f9565cbddf31ec33b3789ca069d684f598f21efc0ff89de113d3664
• Instruction Fuzzy Hash: DBF06430016288EBDB26AF29EC1CBA53B62AB00332F448314F469551F0CB399991CF28
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: f291f749c072b753d98af71f7e0ffbacea16ce32b4c6008b1c6d6386f429153d
• Instruction ID: 529d948f5845349d32f2e84cbe8d5b6e82619f96e57bc86673a07bfda3ba4e9d
• Opcode Fuzzy Hash: f291f749c072b753d98af71f7e0ffbacea16ce32b4c6008b1c6d6386f429153d
• Instruction Fuzzy Hash: 4FD10031900206DADB289F68C855BFAB7B7EF07300F2C415AE906AF750D775AE81CB95
APIs
  • Part of subcall function 00650242: EnterCriticalSection.KERNEL32(0070070C,00701884,?,?,0064198B,00702518,?,?,?,006312F9,00000000), ref: 0065024D
  • Part of subcall function 00650242: LeaveCriticalSection.KERNEL32(0070070C,?,0064198B,00702518,?,?,?,006312F9,00000000), ref: 0065028A
  • Part of subcall function 006500A3: __onexit.LIBCMT ref: 006500A9
• __Init_thread_footer.LIBCMT ref: 006B6238
  • Part of subcall function 006501F8: EnterCriticalSection.KERNEL32(0070070C,?,?,00648747,00702514), ref: 00650202
  • Part of subcall function 006501F8: LeaveCriticalSection.KERNEL32(0070070C,?,00648747,00702514), ref: 00650235
  • Part of subcall function 006A359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006A35E4
  • Part of subcall function 006A359C: LoadStringW.USER32(00702390,?,00000FFF,?), ref: 006A360A
Similarity
• API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
• String ID: x#p$x#p$x#p
• API String ID: 1072379062-987765559
• Opcode ID: 2e356141c459a1230b6fe8390b866cbf2219388813c70f2d039b07cd930c85ef
• Instruction ID: 5a608d6b04617b18b8bdfdebb8138da4aa7530105d4d649d6c554b9d6fe7163e
• Opcode Fuzzy Hash: 2e356141c459a1230b6fe8390b866cbf2219388813c70f2d039b07cd930c85ef
• Instruction Fuzzy Hash: B1C15CB1A00105AFDB24DF98C895EFAB7BAEF48300F14806DF9459B291DB74ED85CB94
Similarity
• API ID:
• String ID: JOc
• API String ID: 0-555135532
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00668B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00668B7A
• __dosmaperr.LIBCMT ref: 00668B81
Strings
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .e
• API String ID: 2434981716-2491337497
APIs
  • Part of subcall function 0069B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006921D0,?,?,00000034,00000800,?,00000034), ref: 0069B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00692760
  • Part of subcall function 0069B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0069B3F8
  • Part of subcall function 0069B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0069B355
  • Part of subcall function 0069B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00692194,00000034,?,?,00001004,00000000,00000000), ref: 0069B365
  • Part of subcall function 0069B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00692194,00000034,?,?,00001004,00000000,00000000), ref: 0069B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006927CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0069281A
Strings
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00661769
• _free.LIBCMT ref: 00661834
• _free.LIBCMT ref: 0066183E
Strings
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-1957095476
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e67d5ad3804a47332471331b20158761ed90334b4a10b951caeff79c0c3526df
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ccdb4d93de35ae8353af5166f7b9052bbabaab3924449a81eb094a0ba64c9ef1
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e67d5ad3804a47332471331b20158761ed90334b4a10b951caeff79c0c3526df
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E316071A00218EFDB21DF999C85D9EBBFEEB86310F58416AF804DB211DA708E41CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0069C306
                                                                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0069C34C
                                                                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00701990,00CB7838), ref: 0069C395
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7f89a150e8cc8c28ebcad62a44d066e35336d7e00b9b4bab1b3ce7e9c790bedc
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8fbd7e903bb11b628286280578d18d4e6056eae1a9d6facc4f98cfa36507df83
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f89a150e8cc8c28ebcad62a44d066e35336d7e00b9b4bab1b3ce7e9c790bedc
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F41A0712043019FDB20DF24D845F6ABBEAAF85320F04861DF8A597391D770A904CBA6
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,006CCC08,00000000,?,?,?,?), ref: 006C44AA
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 006C44C7
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C44D7
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e499065a83c708852c5ae3401cea87a0b5beccf4fc06a3da2b176cca36b15fe9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ab7a40557162631e6675e9c9f3a79dd5dca2fbf9db517b73052c42a016d872f6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e499065a83c708852c5ae3401cea87a0b5beccf4fc06a3da2b176cca36b15fe9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37318B31210605AFDB248E38DC55FEA7BAAEB08334F208719F979932E0DB70EC509B50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SysReAllocString.OLEAUT32(?,?), ref: 00696EED
                                                                                                                                                                                                                                                                                                                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 00696F08
                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00696F12
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$AllocClearCopyString
                                                                                                                                                                                                                                                                                                                                                            • String ID: *ji
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2173805711-1642545397
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 08dd1a142b8ea50c470cef6b061586c46110021e3167913fd653122729a9aee6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7ce41144560f156d73f437ad6d47e3551d6b0318c5e251a8d1e5b9fce41322ea
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08dd1a142b8ea50c470cef6b061586c46110021e3167913fd653122729a9aee6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27316B72604345DBCF09AFA5E8919BE37BBEF85310B1044A9F9038B6B1CB349916DBD4
                                                                                                                                                                                                                                                                                                                                                            APIs
• Part of subcall function 006B335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,006B3077,?,?), ref: 006B3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006B307A
• _wcslen.LIBCMT ref: 006B309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 006B3106
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 006C3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 006C3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 006C3F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 006C4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 006C4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 006C471A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 006C3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 006C3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 006C3876
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 71eccb6d354e064f46e66f6e95c7fe14e838102c30e4f73b264e4aa623c776dc
• Instruction ID: 413fe682f8d67d047e4adba58ad00b92e836c7591a0e6139959782795455d3cb
• Opcode Fuzzy Hash: 71eccb6d354e064f46e66f6e95c7fe14e838102c30e4f73b264e4aa623c776dc
• Instruction Fuzzy Hash: 49217F72610228BBEB219F54DC85FFB376BEF89760F118118F9059B290C6759C5287A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 006A4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006A4A5C
• SetErrorMode.KERNEL32(00000000,?,?,006CCC08), ref: 006A4AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 13a39fbb0aa330728195b3ab5997e8a278952ba9bf33b5dd33739805b52c3ed1
• Instruction ID: 603262db0def07d10f2dfe89a669560cd2290c12cedae22333157e57d0a55639
• Opcode Fuzzy Hash: 13a39fbb0aa330728195b3ab5997e8a278952ba9bf33b5dd33739805b52c3ed1
• Instruction Fuzzy Hash: 90317F71A00108AFDB50DF54C885EAA77F9EF45314F1480A9E509DB252DB71ED45CBA1
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 006C424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 006C4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 006C4271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: f5d0755866b1f57b73b774ac7ef42d7ac5b383ddb5f91d7380659ab195811920
• Instruction ID: 5d949da3def4acd5ba1d363c1942500ba200726b3dc0cbc47b3cdf5266979699
• Opcode Fuzzy Hash: f5d0755866b1f57b73b774ac7ef42d7ac5b383ddb5f91d7380659ab195811920
• Instruction Fuzzy Hash: BA110631240208BEEF209F29CC06FFB3BAEEF85B64F014119FA55E2190D675DC519B14
APIs
  • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
  • Part of subcall function 00692DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00692DC5
  • Part of subcall function 00692DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00692DD6
  • Part of subcall function 00692DA7: GetCurrentThreadId.KERNEL32 ref: 00692DDD
  • Part of subcall function 00692DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00692DE4
• GetFocus.USER32 ref: 00692F78
  • Part of subcall function 00692DEE: GetParent.USER32(00000000), ref: 00692DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00692FC3
• EnumChildWindows.USER32(?,0069303B), ref: 00692FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8f1923819c0918a3b96e1100e513603464185e2be1e2378d061857612c873bb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8622f906cd9c42aaa394ba1fc9d43ecb265fc1b9223288a34214c7dbc637e956
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f1923819c0918a3b96e1100e513603464185e2be1e2378d061857612c873bb1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D11B1716002156BCF947F70CC99EFE776FAF84314F048079FA0A9B292DE30994A8B64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006C58C1
                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006C58EE
                                                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 006C58FD
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b4af562e1a9a52884aaea73cae28ec6a016151b4d9464379344236db9b20b4b3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d205a4233f8f65955ea5690cb02f9a50aadeee108d5e65185cceb226b324a01a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4af562e1a9a52884aaea73cae28ec6a016151b4d9464379344236db9b20b4b3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49011B31500258EEDB619F11DC44FBEBBBAFB45361F10809EE84AD6251DB309A95DF21
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0068D3BF
                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 0068D3E5
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cd6fdff59768f6e5af072020a09f13ff10172198db68c28622a26ca69a96d316
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c1414187081db0482fd8674e60d8a861c4063e6559fed263141c8588ee733c5c
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd6fdff59768f6e5af072020a09f13ff10172198db68c28622a26ca69a96d316
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5F0E521845621EBD7313B114C64EB9B727AF11B11B598369E90AE22C4DB20CE4587B2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
APIs
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,006CFC08,?), ref: 006905F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,006CFC08,?), ref: 00690608
• CLSIDFromProgID.OLE32(?,?,00000000,006CCC40,000000FF,?,00000000,00000800,00000000,?,006CFC08,?), ref: 0069062D
• _memcmp.LIBVCRUNTIME ref: 0069064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 006BA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 006BA6BA
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
• Process32NextW.KERNEL32(00000000,?), ref: 006BA79C
• CloseHandle.KERNEL32(00000000), ref: 006BA7AB
  • Part of subcall function 0064CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00673303,?), ref: 0064CE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ecb3658cac215d2f3f2a8d1f48c306012806068ec7127a4b9f4f221ad6a43134
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: deeae6b408d2472f19b5de1cf8050935fe806fe916c4b3ac6f0bbb4d0b3493ba
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecb3658cac215d2f3f2a8d1f48c306012806068ec7127a4b9f4f221ad6a43134
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41412A71600500ABDB256FFD8C46AEE3AE7EF43770F14822BF81DDB291E63489425365
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 006C62E2
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 006C6315
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 006C6382
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: e6ab40a8ef4e06a58ce8d109e247548a6141cf7cf4c16211847d6e1f330dec69
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a8728020b25217b3cb6f2c216220960811be83a1016edc000aa4631b05c172ec
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6ab40a8ef4e06a58ce8d109e247548a6141cf7cf4c16211847d6e1f330dec69
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0151F874A00249EFDB10DF68D984EBE7BB6EF45360F10826DF8199B290D730AD81CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 006B1AFD
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006B1B0B
                                                                                                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 006B1B8A
                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 006B1B94
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b041671b784b913213b5ab2023a68cb11095b0e015a36b8bcba05c1c5a9391e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 775a040b4994352504888a671f24f66b43bd08a6c3b2b3efb1668e428b0e1110
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b041671b784b913213b5ab2023a68cb11095b0e015a36b8bcba05c1c5a9391e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B141B074600200AFE720AF24C896F6A77E6AB45718F54844CFA1A9F3D2D772DD828B90
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b47ad5c2f38901e6a97da55c3b8d08bda0c9da4d877e48640105024dcfc8defb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: def762823d73d37a905c132461699314aa9e308ea7952de3d7f4996aea99a992
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b47ad5c2f38901e6a97da55c3b8d08bda0c9da4d877e48640105024dcfc8defb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2141F571A00714EFD724AF78CC41BAABBEBEB88710F10852EF556DB292DB7199418784
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006A5783
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 006A57A9
                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006A57CE
                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006A57FA
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 046457b5ca5e8a0f8dc9723423b4cb98706d1b4ee6c6bf3d4b8f799d94097d9a
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 887cc178c1e3df8d3ec59f44db304f439b321eebea5da2e25e00ff4a30b378e2
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 046457b5ca5e8a0f8dc9723423b4cb98706d1b4ee6c6bf3d4b8f799d94097d9a
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62410C39600614DFCB25EF15C544A59BBE2EF89320F198488E85A6B362CB35FD41CF95
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00656D71,00000000,00000000,006582D9,?,006582D9,?,00000001,00656D71,?,00000001,006582D9,006582D9), ref: 0066D910
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0066D999
                                                                                                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0066D9AB
                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 0066D9B4
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00663820: RtlAllocateHeap.NTDLL(00000000,?,00701444,?,0064FDF5,?,?,0063A976,00000010,00701440,006313FC,?,006313C6,?,00631129), ref: 00663852
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 456b6d4a2336c485f43ceb4c6c58ff3430d9ae47ed2576ab6d5a437ca830a3b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3a30a4cdb98656c32599b13dd63959ed696faea0d18bb6b587abf6cd2bc0b2b6
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 456b6d4a2336c485f43ceb4c6c58ff3430d9ae47ed2576ab6d5a437ca830a3b6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E31AB72A0020AABDB249F65DC45EEF7BA6EB41310F054268FC08D7290EB35DD55CBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 006C5352
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C5375
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 006C5382
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006C53A8
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: de3c6bfebebdf527b90f817059bbb4ae732e3ddbc09c13df0bcf370b48ad25ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9bbc305844b728bbdfcfe5d09df42cf764812a6d433f30faea410652ac65ace
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de3c6bfebebdf527b90f817059bbb4ae732e3ddbc09c13df0bcf370b48ad25ef
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3531B634A55A88EFEB309B54CC05FF97767EB04390F54410AFA1A963E1E7B4B9C09B81
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0069ABF1
                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0069AC0D
                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0069AC74
                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0069ACC6
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: d6685642146fb773396657950fbf8a2e39437bb09b5b4510671614374e94507e
• Instruction ID: 782b3a8d137687efd78bdc0d83e5523ddb0a373f33320e4469a59c3479b4737c
• Opcode Fuzzy Hash: d6685642146fb773396657950fbf8a2e39437bb09b5b4510671614374e94507e
• Instruction Fuzzy Hash: A6310830A00618EFEF35CBA58C04BFA7BEFAB85321F04461EE4855AAD1C375898587D6
APIs
• ClientToScreen.USER32(?,?), ref: 006C769A
• GetWindowRect.USER32(?,?), ref: 006C7710
• PtInRect.USER32(?,?,006C8B89), ref: 006C7720
• MessageBeep.USER32(00000000), ref: 006C778C
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: 9c6388e907cf122fe8169d58731304e13531cebeb1a58de343d45fbd456e16ac
• Instruction ID: 864a8279b9c7fa8794c00482ff02fcee70270a8228d2531e181f666b4c421933
• Opcode Fuzzy Hash: 9c6388e907cf122fe8169d58731304e13531cebeb1a58de343d45fbd456e16ac
• Instruction Fuzzy Hash: 01415534A09258DFCB01CF68D894FB9B7B6FB49314F5981ADE8149B361C734A942CFA0
APIs
• GetForegroundWindow.USER32 ref: 006C16EB
  • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
  • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
  • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
• GetCaretPos.USER32(?), ref: 006C16FF
• ClientToScreen.USER32(00000000,?), ref: 006C174C
• GetForegroundWindow.USER32 ref: 006C1752
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 7f8518791f8bc6591d183a19ab018fedbbe7891f1a9c320853382ca56f57922e
• Instruction ID: 4fc3cc31ef0d1f47ca66a3e04b700f793994727b9533449865e8503489101b53
• Opcode Fuzzy Hash: 7f8518791f8bc6591d183a19ab018fedbbe7891f1a9c320853382ca56f57922e
• Instruction Fuzzy Hash: 53313D75D00149AFCB44EFA9C881DAEBBFAEF89314B5080ADE415E7212D7319E45CFA0
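The records above are worth more than a skim: the function at 006C16EB attaches to the foreground window's input thread (via subcall 00693A3D: GetWindowThreadProcessId, GetCurrentThreadId, AttachThreadInput) and then reads GetCaretPos. That is how a process reads another window's caret and focus state; the AutoIt runtime does it for its caret and control functions, and input-capture code uses the same calls, so on a compiled-AutoIt sample it is a triage prompt rather than a verdict. The script below is an added example, not Joe Sandbox code: it parses the "APIs" records in the text form this report renders them (including the "Part of subcall function" lines), rebuilds the report's API ID grouping key from the call names, and flags the thread-attach idiom. The tokenizer and stop-word list are inferred from the three API ID strings visible on this page and are an assumption, not documented Joe Sandbox behaviour; the sample input is copied from the three records shown here.

```python
"""Parse Joe Sandbox per-function "APIs" records and rebuild the report's
API ID grouping key from them.  Added example for this page, not Joe Sandbox
code; tokenizer and stop-words are inferred from the page's own API IDs."""
import re
from collections import Counter

# Constructed input: three API records copied from this report, in the text
# form the report renders them (bullets, subcall lines, "ref:" addresses).
SAMPLE = """\
APIs
• ClientToScreen.USER32(?,?), ref: 006C769A
• GetWindowRect.USER32(?,?), ref: 006C7710
• PtInRect.USER32(?,?,006C8B89), ref: 006C7720
• MessageBeep.USER32(00000000), ref: 006C778C
Memory Dump Source
APIs
• GetForegroundWindow.USER32 ref: 006C16EB
  • Part of subcall function 00693A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00693A57
  • Part of subcall function 00693A3D: GetCurrentThreadId.KERNEL32 ref: 00693A5E
  • Part of subcall function 00693A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006925B3), ref: 00693A65
• GetCaretPos.USER32(?), ref: 006C16FF
• ClientToScreen.USER32(00000000,?), ref: 006C174C
• GetForegroundWindow.USER32 ref: 006C1752
Memory Dump Source
APIs
  • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• GetCursorPos.USER32(?), ref: 006C9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00687711,?,?,?,?,?), ref: 006C9016
• GetCursorPos.USER32(?), ref: 006C905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00687711,?,?,?), ref: 006C9094
Memory Dump Source
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), ref: addr
API_RE = re.compile(
    r"(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# CamelCase splitter: "GetWindowLongW" -> Get, Window, Long, W ; "GetDC" -> Get, DC
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]+|[A-Z]+(?![a-z])")

# Tokens the page's API IDs omit (Get/Pos/Id/To/Pt/In/Ex/Def/Dlg/W are all
# evidenced by the three IDs shown; "A" is assumed by analogy with the W suffix).
STOP = {"Get", "Pos", "Id", "To", "Pt", "In", "Ex", "Def", "Dlg", "W", "A"}


def parse_records(text):
    """Split report text into records (one per function); each record is a
    list of dicts with api, module, args, ref and subfn (None for direct calls)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            current = []
        elif line == "Memory Dump Source":
            if current is not None:
                records.append(current)
            current = None
        elif current is not None:
            m = API_RE.search(line)
            if m:
                entry = m.groupdict()
                entry["args"] = entry["args"].split(",") if entry["args"] else []
                current.append(entry)
    return records


def api_id(record):
    """Rebuild the API ID key: tokens grouped by occurrence count, highest
    first, '$' between groups, alphabetical within a group.  Subcall lines
    count too, which is why the 006C16EB record's key carries Thread/Attach."""
    counts = Counter(
        tok for e in record for tok in TOKEN_RE.findall(e["api"]) if tok not in STOP
    )
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


INPUT_STATE = {"AttachThreadInput", "GetCaretPos", "GetForegroundWindow", "GetFocus"}


def input_attach_hits(record):
    """Return the calls that make up the thread-attach idiom when a record
    both attaches to another thread's input and reads caret/focus state."""
    names = {e["api"] for e in record} & INPUT_STATE
    if "AttachThreadInput" in names and len(names) > 1:
        return sorted(names)
    return []


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(api_id(rec), input_attach_hits(rec) or "-")
```

The `input_attach_hits` result for the second record lists exactly the three calls to pivot on when reading the disassembly at 006C16EB; the first and third records come back clean, which matches their API IDs being plain window-geometry and context-menu helpers.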
APIs
  • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• GetCursorPos.USER32(?), ref: 006C9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00687711,?,?,?,?,?), ref: 006C9016
• GetCursorPos.USER32(?), ref: 006C905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00687711,?,?,?), ref: 006C9094
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: c5654d1e9915a90e8e84ce680eff033cd8fe5d2bcb781c9e5fbf63ac623d4235
• Instruction ID: cbb38f339da12a5e0654f20eebf1125b9de5848bdabaf6def3440c7910ce67d6
• Opcode Fuzzy Hash: c5654d1e9915a90e8e84ce680eff033cd8fe5d2bcb781c9e5fbf63ac623d4235
• Instruction Fuzzy Hash: 0D217F35700018EFDB298F94CC58FFA7BBAEB49360F54416EF905472A1C735A990DB64
APIs
• GetFileAttributesW.KERNEL32(?,006CCB68), ref: 0069D2FB
• GetLastError.KERNEL32 ref: 0069D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0069D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,006CCB68), ref: 0069D376
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a2bc62ac0fbbac20424b3d7dce7c890866814d1551247635ecee17fe765c5f34
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 639717a9147df753f53040040a1986aba3f59cb99fc3812e6c85d3d7c515ace7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2bc62ac0fbbac20424b3d7dce7c890866814d1551247635ecee17fe765c5f34
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8721A170508201DFCB00DF28C8818AAB7EAEF56365F104A2DF499C37A1DB30DA46CB97
APIs
  • Part of subcall function 00691014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0069102A
  • Part of subcall function 00691014: GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00691036
  • Part of subcall function 00691014: GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00691045
  • Part of subcall function 00691014: HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0069104C
  • Part of subcall function 00691014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00691062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006915BE
• _memcmp.LIBVCRUNTIME ref: 006915E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00691617
• HeapFree.KERNEL32(00000000), ref: 0069161E
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 079084010ef9d6018b3f9f8019d2d38ba4ecad95a54bd25441d648ee2f1d2254
• Instruction ID: 6e09173ed7493aa0a597240d6bba55ac7f2a7623fe4a9e88b50e987f7f669a40
• Opcode Fuzzy Hash: 079084010ef9d6018b3f9f8019d2d38ba4ecad95a54bd25441d648ee2f1d2254
• Instruction Fuzzy Hash: C421DE72E0010AEFDF00DFA4C944BEEB7BAEF42354F294459E405AB240E730AE05CBA0
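The API chain in the function above is the standard "does this token hold privilege X" check: GetTokenInformation is called twice with information class 3 (TokenPrivileges: class 3 is TokenPrivileges in TOKEN_INFORMATION_CLASS, TokenIntegrityLevel is a much higher value), first to learn the size and then to fill a heap buffer, after which LookupPrivilegeValueW resolves a privilege name to a LUID and _memcmp compares that LUID against each entry of the returned TOKEN_PRIVILEGES array. The Python below is an added example, not code from the analysed sample or from Joe Sandbox, that decodes a TOKEN_PRIVILEGES buffer and performs that comparison offline. It assumes the documented well-known LUID values from ntddk.h in place of LookupPrivilegeValueW (a real check on Windows would call that API), and the token buffer it inspects is constructed, not captured from the sample.

```python
import struct

# Well-known privilege LUID values from ntddk.h (SE_*_PRIVILEGE). On Windows the
# LUID comes from LookupPrivilegeValueW; this fixed table is an assumption so the
# example runs offline. Well-known privileges always have HighPart == 0.
PRIVILEGE_LUIDS = {
    "SeTakeOwnershipPrivilege": 9,
    "SeLoadDriverPrivilege": 10,
    "SeBackupPrivilege": 17,
    "SeRestorePrivilege": 18,
    "SeShutdownPrivilege": 19,
    "SeDebugPrivilege": 20,
    "SeChangeNotifyPrivilege": 23,
    "SeImpersonatePrivilege": 29,
}

# LUID_AND_ATTRIBUTES.Attributes flags (winnt.h).
SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
SE_PRIVILEGE_ENABLED = 0x00000002
SE_PRIVILEGE_REMOVED = 0x00000004

LUID_SIZE = 8    # LUID = {DWORD LowPart; LONG HighPart}
ENTRY_SIZE = 12  # LUID_AND_ATTRIBUTES = LUID + DWORD Attributes


def lookup_privilege_value(name: str) -> bytes:
    """Stand-in for LookupPrivilegeValueW: the 8-byte little-endian LUID for a name."""
    if name not in PRIVILEGE_LUIDS:
        raise ValueError(f"unknown privilege name {name!r}")
    return struct.pack("<Ii", PRIVILEGE_LUIDS[name], 0)


def parse_token_privileges(buf: bytes) -> list:
    """Decode a TOKEN_PRIVILEGES buffer as returned by GetTokenInformation(TokenPrivileges).

    Layout: DWORD PrivilegeCount, then PrivilegeCount LUID_AND_ATTRIBUTES entries.
    Returns [(luid_bytes, attributes), ...]; rejects a count that overruns the buffer.
    """
    if len(buf) < 4:
        raise ValueError("TOKEN_PRIVILEGES buffer shorter than PrivilegeCount")
    (count,) = struct.unpack_from("<I", buf, 0)
    needed = 4 + ENTRY_SIZE * count
    if len(buf) < needed:
        raise ValueError(f"PrivilegeCount={count} needs {needed} bytes, buffer has {len(buf)}")
    entries = []
    for i in range(count):
        off = 4 + ENTRY_SIZE * i
        luid = buf[off:off + LUID_SIZE]
        (attrs,) = struct.unpack_from("<I", buf, off + LUID_SIZE)
        entries.append((luid, attrs))
    return entries


def token_has_privilege(buf: bytes, name: str, require_enabled: bool = False) -> bool:
    """True if the token holds `name`; with require_enabled, only if it is currently enabled.

    Mirrors the LookupPrivilegeValueW + _memcmp loop: the wanted LUID is compared
    byte-for-byte with every LUID in the array.
    """
    wanted = lookup_privilege_value(name)
    for luid, attrs in parse_token_privileges(buf):
        if luid != wanted:
            continue
        if attrs & SE_PRIVILEGE_REMOVED:
            return False  # still listed, but stripped from the token
        return bool(attrs & SE_PRIVILEGE_ENABLED) if require_enabled else True
    return False


def build_token_privileges(entries) -> bytes:
    """Serialise [(name, attributes), ...] into TOKEN_PRIVILEGES layout (builds test input)."""
    out = struct.pack("<I", len(entries))
    for name, attrs in entries:
        out += lookup_privilege_value(name) + struct.pack("<I", attrs)
    return out


# Constructed sample, not captured from the analysed file: a token that holds a
# disabled shutdown privilege and an enabled change-notify privilege.
SAMPLE_TOKEN = build_token_privileges([
    ("SeShutdownPrivilege", 0),
    ("SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED),
])

if __name__ == "__main__":
    for priv in ("SeShutdownPrivilege", "SeChangeNotifyPrivilege", "SeDebugPrivilege"):
        print(priv, "held:", token_has_privilege(SAMPLE_TOKEN, priv),
              "enabled:", token_has_privilege(SAMPLE_TOKEN, priv, require_enabled=True))
```

The distinction between "held" and "enabled" matters when reading such a check in a sample: a privilege that is present but disabled (the usual state of SeShutdownPrivilege in a non-elevated token) still has to be enabled with AdjustTokenPrivileges before the corresponding action succeeds, so a function that only memcmp's the LUID is testing for presence, not for current effect.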
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 006C280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 006C2824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 006C2832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 006C2840
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: ba7aebb61160205b52f311ce6a264bc047bd5d25b1d651c2ddf7463c988044d1
• Instruction ID: bb31afaca98f3e41a89463103e69a8f9d47fedbc962428dcc1f76481526ef4e7
• Opcode Fuzzy Hash: ba7aebb61160205b52f311ce6a264bc047bd5d25b1d651c2ddf7463c988044d1
• Instruction Fuzzy Hash: B9219235205512AFD7149B24C865FBA7796EF45324F14815CF8168B692C771EC42C7D0
APIs
  • Part of subcall function 00698D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?), ref: 00698D8C
  • Part of subcall function 00698D7D: lstrcpyW.KERNEL32(00000000,?,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00698DB2
  • Part of subcall function 00698D7D: lstrcmpiW.KERNEL32(00000000,?,0069790A,?,000000FF,?,00698754,00000000,?,0000001C,?,?), ref: 00698DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697923
• lstrcpyW.KERNEL32(00000000,?,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00698754,00000000,?,0000001C,?,?,00000000), ref: 00697984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a50949d3af7c114a1186f6b38231a9095912e905c5ca1e5605deecc405c504e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f03e6aca095d5c01b0a4d8a84c1451435b0ccff24bcf6c6eb2c1294f97546e9
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a50949d3af7c114a1186f6b38231a9095912e905c5ca1e5605deecc405c504e3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6511033A200202AFCF159F35D844EBA77AAFF85360B10402AF906CB7A4EF319801C7A5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 006C7D0B
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 006C7D2A
                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 006C7D42
                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,006AB7AD,00000000), ref: 006C7D6B
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ad35474a96b5062fbdb35f1a691073ce523b39345ad5fd8c659dd966aeb4f09c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 54b312662a7612d43378284b3ba3380465d460bdbc265477f8246858dee7fefe
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad35474a96b5062fbdb35f1a691073ce523b39345ad5fd8c659dd966aeb4f09c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C118C32614655AFCB109F28DC04EB63BA6EF45370F558728F83AC72E0D730A961DB90
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 006C56BB
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006C56CD
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006C56D8
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 006C5816
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 75b7ba6a5ad583b777ddf386e56235541cc009378a29ba951135e8312be5878c
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6c2707ec46868fd0bddbe86fe4dfde6a9c7ecd13d084c71e539a21aa422da970
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b7ba6a5ad583b777ddf386e56235541cc009378a29ba951135e8312be5878c
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A911DF7160060896DF209B628C85FFE37ADEB10364F10816EF91696181EB70EAC4CB64
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 455ea6e9bba81e9304cf1a3459ef8674259b194b66f3fb6d0e56a5bcbcd2fe75
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 335b9af4450a8dce8342cd936936ced41bec083be091e2ba4cd62aa24d8623a1
• Opcode Fuzzy Hash: 455ea6e9bba81e9304cf1a3459ef8674259b194b66f3fb6d0e56a5bcbcd2fe75
• Instruction Fuzzy Hash: 270121B2709A063EF76026796CC0FA7661FDF827B8F38032AF520A92D2DF609C005174
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00691A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A8A
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 17f2492dc20011e2646104aa48a51df9b056783ed28f43a4d678aaf7b3ae3d4b
• Instruction ID: df7bbced1836e92c159f173554a0d94e1a1284533df4278c5c87ab9fb666add4
• Opcode Fuzzy Hash: 17f2492dc20011e2646104aa48a51df9b056783ed28f43a4d678aaf7b3ae3d4b
• Instruction Fuzzy Hash: 0B11393AD01219FFEF10DBA5CD85FADBB79EB08750F200092EA04BB290D6716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0069E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0069E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0069E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0069E24D
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: e1927cc3fcb55f997a43d8d0c19f40d361d1e03eafd804ecad46b26f9fa104d5
• Instruction ID: 44639a6c9b6a52a9a07c320557524417e7e9b21d6829089766f9506911fa167c
• Opcode Fuzzy Hash: e1927cc3fcb55f997a43d8d0c19f40d361d1e03eafd804ecad46b26f9fa104d5
• Instruction Fuzzy Hash: 5211C876D04254BBCB01DBA89C05EAE7FAEEB45720F148355F918D3791D6758A0487A0
APIs
• CreateThread.KERNEL32(00000000,?,0065CFF9,00000000,00000004,00000000), ref: 0065D218
• GetLastError.KERNEL32 ref: 0065D224
• __dosmaperr.LIBCMT ref: 0065D22B
• ResumeThread.KERNEL32(00000000), ref: 0065D249
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: e7d62381b183e79c31c7b05629f16cfcec19401fb2114983efecc466409b633f
• Instruction ID: 10e1059b6345b2b979022c5d84af6e15c0bcd7bf3e3021057908310acbd37466
• Opcode Fuzzy Hash: e7d62381b183e79c31c7b05629f16cfcec19401fb2114983efecc466409b633f
• Instruction Fuzzy Hash: 0401D6764056047BCB315BA5DC05BAE7A6BDF81332F100219FD29921D0DB708A09C7A0
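Added example for reading these function records; this is not Joe Sandbox's code and not part of the report. It parses the `APIs` bullets above (including the `Part of subcall function` form) and replaces the raw hex arguments with the Win32 constants a triager would otherwise look up by hand: the `uMsg` of SendMessageW/DefDlgProcW calls and the `dwCreationFlags` of CreateThread. The message and flag tables are the documented Win32 values; the sample lines are copied from the records on this page; the EM_* decode assumes the target window is an edit control, which the report does not confirm.

```python
"""Parse Joe Sandbox 'APIs' lines and decode the hex argument constants."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One report bullet: "[Part of subcall function <addr>: ]<Api>.<Module>[(<args>)], ref: <addr>".
# The argument list is absent for APIs that take none, e.g. "GetCurrentThreadId.KERNEL32 ref: 0069E1FD".
_LINE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$"
)

# Win32 window messages that appear as uMsg in this report. EM_* numbers are
# reused by other control classes, so the name is only a hint unless the
# target HWND is known to be an edit control (assumption, see lead-in).
WINDOW_MESSAGES: Dict[int, str] = {
    0x0020: "WM_SETCURSOR",
    0x00B0: "EM_GETSEL",
    0x00C9: "EM_LINEFROMCHAR",
}

# CreateThread dwCreationFlags bits. CREATE_SUSPENDED followed by ResumeThread
# is the ordinary CRT thread-start sequence, not an injection primitive by itself.
CREATE_THREAD_FLAGS: Dict[int, str] = {
    0x00000004: "CREATE_SUSPENDED",
    0x00010000: "STACK_SIZE_PARAM_IS_A_RESERVATION",
}

# APIs whose second argument is a window message.
MESSAGE_APIS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA",
                "DefDlgProcW", "DefDlgProcA", "DefWindowProcW", "DefWindowProcA"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]        # None where the report prints '?'
    ref: int                         # call-site address
    subcall: Optional[int] = None    # address of the called subfunction, if given
    notes: Dict[str, str] = field(default_factory=dict)


def parse_api_line(line: str) -> ApiCall:
    """Parse one 'APIs' bullet; a leading bullet character is tolerated."""
    m = _LINE.match(line.strip().lstrip("•").strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    args: List[Optional[int]] = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


def _flag_names(value: int, table: Dict[int, str]) -> str:
    """Render a bitmask as NAME|NAME, keeping unknown bits as hex."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table.keys())
    if leftover:
        names.append(f"0x{leftover:08X}")
    return "|".join(names) if names else "0"


def decode(call: ApiCall) -> ApiCall:
    """Attach symbolic names for the arguments the tables above cover."""
    if call.api in MESSAGE_APIS and len(call.args) > 1 and call.args[1] is not None:
        call.notes["uMsg"] = WINDOW_MESSAGES.get(call.args[1], f"0x{call.args[1]:04X}")
    if call.api == "CreateThread" and len(call.args) > 4 and call.args[4] is not None:
        call.notes["dwCreationFlags"] = _flag_names(call.args[4], CREATE_THREAD_FLAGS)
    return call


def triage(text: str) -> List[ApiCall]:
    """Parse and decode every non-empty line of a pasted 'APIs' block."""
    return [decode(parse_api_line(l)) for l in text.splitlines() if l.strip()]


# Constructed sample: bullets copied from the function records on this page.
SAMPLE = """\
• SendMessageW.USER32(?,000000B0,?,?), ref: 00691A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00691A59
• GetCurrentThreadId.KERNEL32 ref: 0069E1FD
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0069E246
• CreateThread.KERNEL32(00000000,?,0065CFF9,00000000,00000004,00000000), ref: 0065D218
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 006C9F7A
"""

if __name__ == "__main__":
    for c in triage(SAMPLE):
        print(f"{c.ref:08X} {c.api:<20} {c.notes}")
```

Paste a whole `APIs` block into `triage()`; arguments the report could not recover statically stay `None`, so a decode is only attached when the value is actually present, and unknown message numbers are echoed as hex rather than guessed.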
APIs
• Part of subcall function 00649BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00649BB2
• GetClientRect.USER32(?,?), ref: 006C9F31
• GetCursorPos.USER32(?), ref: 006C9F3B
• ScreenToClient.USER32(?,?), ref: 006C9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 006C9F7A
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 459ea5934c16ca5e6479e2bd1e9199c76e25f5f51fd54419cca820e2e2a766eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: da9ea02ae4b993dc686c1fca3ca1a6bdeb38c7c4922a65c6eb0d7d45e160c1e0
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 459ea5934c16ca5e6479e2bd1e9199c76e25f5f51fd54419cca820e2e2a766eb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6611363290011AEBDB00DF68D889EFE77BAEB05311F404459F921E3240D730BA91CBB5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00636060
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 22d868d87838e815f40d9a4fd2e072e497fd46863d0c13929cf8e3d569dcd5a6
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b82571a5633ad5b6fb7374eff7245520138f15a4a67ecc7b73126bacef2b43ac
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22d868d87838e815f40d9a4fd2e072e497fd46863d0c13929cf8e3d569dcd5a6
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18116D72501548BFEF164FA4DD55EEABB6AEF093A4F048215FA1892120D732DC60DBE0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00653B56
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00653AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00653AD2
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00653AA3: ___AdjustPointer.LIBCMT ref: 00653AED
                                                                                                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00653B6B
                                                                                                                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00653B7C
                                                                                                                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00653BA4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cbeab1b091b87c29cce5d3d9218997a023c348b2c5be3bf553507942ec1bf989
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15014C32100158BBDF125E95CC42EEB3F6EEF58B99F044058FE4896221C732E965DBA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006313C6,00000000,00000000,?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue), ref: 006630A5
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue,006D2290,FlsSetValue,00000000,00000364,?,00662E46), ref: 006630B1
                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0066301A,006313C6,00000000,00000000,00000000,?,0066328B,00000006,FlsSetValue,006D2290,FlsSetValue,00000000), ref: 006630BF
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c6a68721d3ec55945a7a540867025a4a9855a1a7a589472799025ddb1c0dbd05
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0331e0787199c7ded4003926d6badbf728022dd5629928a27caf5e97aa427399
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6a68721d3ec55945a7a540867025a4a9855a1a7a589472799025ddb1c0dbd05
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3501FC32701332ABC7314B79DC44DA7779AEF05771B100620F919D7340C725D905C6E0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0069747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00697497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006974AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006974CA
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: da6cb6ce8b342b0bcedf57f7a101a7796a34c4a1fa854895810384e29909a2fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f60bd8de987819791b7e2f7cbb16917c5270a06dba5adf4285bc4bb142516525
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da6cb6ce8b342b0bcedf57f7a101a7796a34c4a1fa854895810384e29909a2fb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D911ADB1215314ABEB20CF14DC08FA67BFEEF00B10F108569E61AD7992D7B0E904DBA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0C4
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0E9
                                                                                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B0F3
                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0069ACD3,?,00008000), ref: 0069B126
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c5409030c8754579a50f5e76375eb269dcbf263bdd25dc1e6372f842508684c4
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7b22d7cf5fb1bab59b3c5003a08adfbabe1da4c3c2dfab76025a0ff40d920887
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5409030c8754579a50f5e76375eb269dcbf263bdd25dc1e6372f842508684c4
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F115E31C0152DD7CF009FE5EA68AFEBB79FF4A711F115095D941B2641CB3055518B51
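The function above pairs QueryPerformanceCounter with Sleep twice in a row. That API chain is the shape of an execution-timing check: read a high-resolution counter, sleep, read it again, and treat an elapsed time that is far shorter than the requested sleep as evidence that Sleep was hooked or time was accelerated. The report only lists the calls; it does not recover the thresholds the sample uses. The following example is added here to show how such a check behaves and why a sandbox that shortens sleeps must also fake the clock. It is not code from the sample or from Joe Sandbox; the function names, the 50 ms sleep, the 50 % tolerance and the FakeClock stand-in for an accelerating sandbox are all assumptions chosen for illustration, and it uses portable Python timing in place of the Windows APIs.

```python
import time

# Assumed parameters for illustration only; the sample's real values are not in the report.
REQUESTED_MS = 50       # how long the check asks to sleep
TOLERANCE = 0.5         # flag if less than 50 % of the requested time actually elapsed


def timing_check(sleep_fn, clock=time.perf_counter,
                 requested_ms=REQUESTED_MS, tolerance=TOLERANCE):
    """Counter -> sleep -> counter, as the QueryPerformanceCounter/Sleep chain does.

    Returns (elapsed_ms, suspicious). 'suspicious' is True when the measured
    interval is implausibly short for the sleep that was requested, which is
    what a sleep-skipping sandbox hook produces.
    """
    t0 = clock()
    sleep_fn(requested_ms / 1000.0)
    t1 = clock()
    elapsed_ms = (t1 - t0) * 1000.0
    return elapsed_ms, elapsed_ms < requested_ms * tolerance


def double_timing_check(sleep_fn, clock=time.perf_counter):
    """The listed function calls the pair twice; flag if either round is short."""
    first = timing_check(sleep_fn, clock)
    second = timing_check(sleep_fn, clock)
    return first[1] or second[1]


def real_sleep(seconds):
    """Honest sleep: wall time advances by at least the requested amount."""
    time.sleep(seconds)


def accelerated_sleep(seconds):
    """Constructed stand-in for a naive sandbox hook that makes Sleep return at once."""
    return None


class FakeClock:
    """Constructed stand-in for a sandbox that skips sleeps but keeps a
    consistent virtual clock: the sleep is not performed, yet the counter
    it hands back advances by the amount that was requested."""

    def __init__(self):
        self.virtual = 0.0

    def sleep(self, seconds):
        self.virtual += seconds

    def now(self):
        return self.virtual


if __name__ == "__main__":
    print("real sleep:       ", timing_check(real_sleep))
    print("skipped sleep:    ", timing_check(accelerated_sleep))
    fake = FakeClock()
    print("consistent clock: ", timing_check(fake.sleep, clock=fake.now))
```

The three cases show the defender-side lesson: hooking Sleep alone makes the check fire, while advancing the counter in lock step with the skipped sleep (as FakeClock does) keeps the measured interval plausible. An analyst who sees this API chain in a sample should therefore expect the sample to behave differently in an environment that accelerates sleeps without faking QueryPerformanceCounter.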
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 006C7E33
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 006C7E4B
                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 006C7E6F
                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 006C7E8A
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2d8f70bc439d67935c024b768bccf77f0f9d0891db6aa24b1621aa2a989e2dc9
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 23e8e250ace2701840d190f673c2a3383ce73c1ad4f15d1d8ad7386d5e59c685
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d8f70bc439d67935c024b768bccf77f0f9d0891db6aa24b1621aa2a989e2dc9
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 331156B9D0020AAFDB41CF99C984AEEBBF5FF18310F505056E915E3210D735AA55CF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00692DC5
                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00692DD6
                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00692DDD
                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00692DE4
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
APIs
  • Part of subcall function 00649639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00649693
  • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496A2
  • Part of subcall function 00649639: BeginPath.GDI32(?), ref: 006496B9
  • Part of subcall function 00649639: SelectObject.GDI32(?,00000000), ref: 006496E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 006C8887
• LineTo.GDI32(?,?,?), ref: 006C8894
• EndPath.GDI32(?), ref: 006C88A4
• StrokePath.GDI32(?), ref: 006C88B2
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 006498CC
• SetTextColor.GDI32(?,?), ref: 006498D6
• SetBkMode.GDI32(?,00000001), ref: 006498E9
• GetStockObject.GDI32(00000005), ref: 006498F1
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetCurrentThread.KERNEL32 ref: 00691634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,006911D9), ref: 0069163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006911D9), ref: 00691648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,006911D9), ref: 0069164F
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0068D858
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0068D862
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0068D882
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0068D8A3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4b1706524ba489d650c426806cd7005f23330787204b2a50c636b76303e855b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9c05ea049313c0094858111e0f0e9f1ec45230009216d19dfa5fc2d4ad241ea3
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b1706524ba489d650c426806cd7005f23330787204b2a50c636b76303e855b7
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FE09AB5900205EFCB41AFA1D90CA7DBBB7FB48321F149459F84AE7250C7399942AF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0068D86C
                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0068D876
                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0068D882
                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 0068D8A3
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: dbbfca5c97af3cdd59e0fcd02f9b48c1cd2da5682c88efd96902169ea9ccae61
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 83b6d7a6835927dffafc81d7f80e94a327d252fe2a75ad470fc927a9de88fecc
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbbfca5c97af3cdd59e0fcd02f9b48c1cd2da5682c88efd96902169ea9ccae61
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E092B5D00204EFCB51AFA1D90CA6DBBB6BB48321F14A449F94AE7250CB399902AF50
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00637620: _wcslen.LIBCMT ref: 00637625
                                                                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 006A4ED4
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6b03a1c35f3ab784cf0ecf18a11b491110f36be03aa8285fa6f22f7456b12294
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5c6f96432855e89d14a26d228edf7db0fb5c64c53b77264598931d1767d3567a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b03a1c35f3ab784cf0ecf18a11b491110f36be03aa8285fa6f22f7456b12294
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32914F75A002049FCB14EF58C884EAABBF2BF85314F158099E40A9F362DB75ED85CF91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 0065E30D
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: fff1aad8c464d3b006251b640fc8c43194bd5466eb3f66e16dda351cdb52583c
• Instruction ID: b35a39cd258d29b617d16272a0d6da56b3081f2bc7fed35a58bf9e13e0673092
• Opcode Fuzzy Hash: fff1aad8c464d3b006251b640fc8c43194bd5466eb3f66e16dda351cdb52583c
• Instruction Fuzzy Hash: 3D519D61E0C20296CF197714C9013F93B979F10746F304D9DE8D5423A9EB368EC99A4A
APIs
• CharUpperBuffW.USER32(0068569E,00000000,?,006CCC08,?,00000000,00000000), ref: 006B78DD
  • Part of subcall function 00636B57: _wcslen.LIBCMT ref: 00636B6A
• CharUpperBuffW.USER32(0068569E,00000000,?,006CCC08,00000000,?,00000000,00000000), ref: 006B783B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: BuffCharUpper$_wcslen
• String ID: <so
• API String ID: 3544283678-187667226
• Opcode ID: 51ac023952edbfa03e254aa728921f9ddea401e4f1fb77d773a560468c96e7b8
• Instruction ID: 38e0f3a4d0208e84a91429e510dffbde00b3ffffe96a21cd4b5be3508769d9cb
• Opcode Fuzzy Hash: 51ac023952edbfa03e254aa728921f9ddea401e4f1fb77d773a560468c96e7b8
• Instruction Fuzzy Hash: 766116B6914128AACF44EBA4CC91DFDB37ABF54300F444129F642A7191EF20AA49DBE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 44a68315c18e0456d0a339bf39d1177e1e7a36029e439db2593997dd37364a46
• Instruction ID: 88bb804f98701f32d96f01f9e0246db32c64251af746e5a42a1fa9396e213473
• Opcode Fuzzy Hash: 44a68315c18e0456d0a339bf39d1177e1e7a36029e439db2593997dd37364a46
• Instruction Fuzzy Hash: B2513375604246DFDB14EF28C481AFA7BA7FF15310F248259E8919B3C0D6769E42CBA0
APIs
• Sleep.KERNEL32(00000000), ref: 0064F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0064F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 0c6321800fb638ee6faf9251d83d7baf9fec235ed9dc264b9f2a0593f8dc6cfc
• Instruction ID: 88509c69fd328d3a504354e4ae5ae67ea8178fc2f1fa2d327dbdbd6232cb6b8c
• Opcode Fuzzy Hash: 0c6321800fb638ee6faf9251d83d7baf9fec235ed9dc264b9f2a0593f8dc6cfc
• Instruction Fuzzy Hash: A15157B14087489BD360AF10DC86BAFBBF9FF85310F81885CF1D941195EB309529CBAA
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 006B57E0
• _wcslen.LIBCMT ref: 006B57EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 688dd7f6605a5e0c6911a241741161093d360f597008c5d1dc56a84f537e33e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2780b5e79e6b912d7217c7f3a363694b547890056a617f4f6b83293520f70068
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 688dd7f6605a5e0c6911a241741161093d360f597008c5d1dc56a84f537e33e1
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74418FB1A002199FCB14DFA9C881AFEBBB6EF59324F14406DE506A7351E7709D81CB94
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 006AD130
                                                                                                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 006AD13A
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ffe4c080531cd9fc900c74e7d32ab7488b622a818ffc1f0bfb63ca0dd4756c36
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0fa8e59a247ddf420f045766532438bc97eab62a0e7425707f0d9a4b732e1fc5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffe4c080531cd9fc900c74e7d32ab7488b622a818ffc1f0bfb63ca0dd4756c36
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19313E71D00109ABCF55EFA4CC85AEEBFBAFF05304F004019F815A6265DB35AA46DFA4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 006C3621
                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 006C365C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8220b9f583483cd473c44b464f11f58a71b247311a283c114896527e202b3906
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ecb56ef633040cd025ab9039f1c8f4ebc3fe6787c859da8d4edeb28eca46b30a
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8220b9f583483cd473c44b464f11f58a71b247311a283c114896527e202b3906
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B317C71110204AEDB109F68D881FFB73AAEF88720F00961DF9A597280DA31AD818B64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 006C461F
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006C4634
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4f1bacdf424a9fbb1bf897476e5aaf55201071da43b55ac66922e52f80d5a441
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a752549fbaf5f5daf1f58d23bea7a1c62bb8a1ca71e353e2a45c45ddedeb9e92
• Opcode Fuzzy Hash: 4f1bacdf424a9fbb1bf897476e5aaf55201071da43b55ac66922e52f80d5a441
• Instruction Fuzzy Hash: A8313874A012099FDB14CFA9C9A0FEABBB6FF09300F50406AE905AB341DB70A941CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006C327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C3287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: ed60da6776c494b70b7a76675d8223e13ffb965ff6cab5e019d647b580810f4c
• Instruction ID: cb1bc8deaf4d1a1309293f1fa2d72052f316cd63a908be7764909037fac139b8
• Opcode Fuzzy Hash: ed60da6776c494b70b7a76675d8223e13ffb965ff6cab5e019d647b580810f4c
• Instruction Fuzzy Hash: 9F11D071200218BFEF219F54DC84FFB376BEB94364F108129F91897390D6399E518760
APIs
  • Part of subcall function 0063600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
  • Part of subcall function 0063600E: GetStockObject.GDI32(00000011), ref: 00636060
  • Part of subcall function 0063600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
• GetWindowRect.USER32(00000000,?), ref: 006C377A
• GetSysColor.USER32(00000012), ref: 006C3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 7d1388197c90dba0fa1f5a61cb71b5e30964ccf7cd5b77ef77a33d9140c730e5
• Instruction ID: 46ceb304312b864c252ea539a538b802038ad2dcc0af9b3d5267366c6b64c201
• Opcode Fuzzy Hash: 7d1388197c90dba0fa1f5a61cb71b5e30964ccf7cd5b77ef77a33d9140c730e5
• Instruction Fuzzy Hash: C41129B2610219AFDB01DFA8CC4AEFA7BB9EB09314F008518F955E2250D735E9519B64
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006ACD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006ACDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: b9d782a1a87f1f244a82c01a5206a26ea70dfef38515552063f4634aaa13beaf
• Instruction ID: fdd36a40b1ed88c68f007da3d8de6a63243b90e478bab0cfa2519c315d477541
• Opcode Fuzzy Hash: b9d782a1a87f1f244a82c01a5206a26ea70dfef38515552063f4634aaa13beaf
• Instruction Fuzzy Hash: 1811A071205635BAD7286B668C49EF7BEAAEF537B4F00422AB11982280D7609C41DAF0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 006C34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006C34BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: de871236927d75a7802b0ba678ee1c3c8af3e9f6948ca80ad2157a8ebc5eeca2
• Instruction ID: 462a0bda692503b37f28cf95d772b1e7de9cdff52bd58374aa8e005a6b718c12
• Opcode Fuzzy Hash: de871236927d75a7802b0ba678ee1c3c8af3e9f6948ca80ad2157a8ebc5eeca2
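The function entries in this part of the report list raw API calls with numeric arguments, which is hard to triage by eye. The following Python parser is an added example and is not part of the Joe Sandbox report or its IDA plugin: it reads the "APIs" lines of these entries (the sample input is copied from the entries above), keeps the subcall attribution, and decodes the argument positions whose meaning is fixed by the Windows SDK headers (the SendMessageW message, the InternetSetOptionW option, the GetStockObject and GetSysColor indices). The decoded view shows what the numbers hide: the two USER32 calls on the combobox are CB_ADDSTRING and CB_SETCURSEL, the edit-control call is EM_SETSEL, and the WININET pair is InternetOpenW followed by InternetSetOptionW with option 50 (INTERNET_OPTION_CONNECTED_STATE) and an 8-byte buffer, which is the size of the INTERNET_CONNECTED_STATE_IE structure. The constant table and the `triage` grouping are this example's own choices, not output of the sandbox.

```python
"""Parse 'APIs' lines from Joe Sandbox function entries and decode known
constants. Added example; not Joe Sandbox code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: API lines copied from the function entries in this report.
SAMPLE = """\
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006C327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006C3287
  • Part of subcall function 0063600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0063604C
  • Part of subcall function 0063600E: GetStockObject.GDI32(00000011), ref: 00636060
  • Part of subcall function 0063600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0063606A
• GetWindowRect.USER32(00000000,?), ref: 006C377A
• GetSysColor.USER32(00000012), ref: 006C3794
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006ACD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006ACDA6
• GetWindowTextLengthW.USER32(00000000), ref: 006C34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006C34BA
"""

# One API line: optional subcall prefix, Api.MODULE(args), ref: address.
LINE_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-F]{8})"
)

# (API name, zero-based argument index) -> value -> SDK constant name.
# Values are from the Windows SDK headers (winuser.h, wingdi.h, wininet.h).
CONSTANTS: Dict[tuple, Dict[int, str]] = {
    ("SendMessageW", 1): {0x0030: "WM_SETFONT", 0x00B1: "EM_SETSEL",
                          0x0143: "CB_ADDSTRING", 0x014E: "CB_SETCURSEL"},
    ("InternetSetOptionW", 1): {50: "INTERNET_OPTION_CONNECTED_STATE"},
    ("GetStockObject", 0): {17: "DEFAULT_GUI_FONT"},
    ("GetSysColor", 0): {18: "COLOR_BTNTEXT"},
}


@dataclass
class Call:
    api: str
    module: str
    args: List[Optional[int]]   # int for resolved values, None for '?'
    ref: str
    subcall: Optional[str] = None

    def decoded(self) -> List[str]:
        """Render each argument as an SDK constant name where known, else hex or '?'."""
        out = []
        for i, value in enumerate(self.args):
            if value is None:
                out.append("?")
                continue
            name = CONSTANTS.get((self.api, i), {}).get(value)
            out.append(name if name else f"0x{value:X}")
        return out

    def pretty(self) -> str:
        prefix = f"[subcall {self.subcall}] " if self.subcall else ""
        return f"{prefix}{self.api}({', '.join(self.decoded())}) @ {self.ref}"


def parse(text: str) -> List[Call]:
    """Extract every API call line; lines that do not match are ignored."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = [a.strip() for a in m["args"].split(",") if a.strip()]
        args = [None if a == "?" else int(a, 16) for a in raw]
        calls.append(Call(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return calls


def triage(text: str) -> Dict[str, List[str]]:
    """Group decoded calls by module so network APIs stand out from GUI plumbing."""
    groups: Dict[str, List[str]] = {}
    for call in parse(text):
        groups.setdefault(call.module, []).append(call.pretty())
    return groups


if __name__ == "__main__":
    for module, lines in triage(SAMPLE).items():
        print(module)
        for line in lines:
            print("  " + line)
```

Running the block prints one group per module; the WININET group is the one worth a second look, since a GUI-automation runtime opening a WinINet session and forcing the connected state is the part of this binary that touches the network. The parser only decodes positions whose meaning does not depend on other arguments, so values it does not know stay as hex rather than being guessed.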
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B115871500218AAEB268F64DC84FFA36ABEB05374F50C328F965933E0C775DD519B64
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00696CB6
                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00696CC2
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0c7358471dbe0969f17b69dbb7df281422c70f3caf95b6197cfd0af8e823c6f0
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e00341d528a6a1816d364826b91701d5f17d62cf06cda77a837d54cb125ba302
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c7358471dbe0969f17b69dbb7df281422c70f3caf95b6197cfd0af8e823c6f0
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8801C432A146268ACF219FBDDC819FF77BBEE61710B110529F86296690EA31D944C690
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00691D4C
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 031fc88211255c10774b0742581b45d4dcd68b61af1a8cfe9c0de292d8746678
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1f3dccefaaafbb6025980e3e3f65593932d963b0959bb68d1f294a4508d6d8e7
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 031fc88211255c10774b0742581b45d4dcd68b61af1a8cfe9c0de292d8746678
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E01B571601219AB8F08EBA4CD55CFE776EEF47360B14091DE8225B7C1EA70590C8AA0
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00691C46
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0f3c481fe57f7acc517b5e4dda867ddb66d3f15425ec47de8d0b43c1c139d02d
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1dd202d2f2462897c94a6754dc24f6599000273ee71fd1e6c23a0e167098d548
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f3c481fe57f7acc517b5e4dda867ddb66d3f15425ec47de8d0b43c1c139d02d
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E01F771684109A6CF08EB90CA51DFF77AE9F12340F20001DB506A7681EA749E08C6B5
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00691CC8
                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
• __Init_thread_footer.LIBCMT ref: 0064A529
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
Strings
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%p$3yh
• API String ID: 2551934079-2402005161
APIs
  • Part of subcall function 00639CB3: _wcslen.LIBCMT ref: 00639CBD
  • Part of subcall function 00693CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00693CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00691DD3
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00703018,0070305C), ref: 006C81BF
• CloseHandle.KERNEL32 ref: 006C81D1
Strings
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0p
• API String ID: 3712363035-363088137
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2ca65fb3f8e70bcc92879bab7bb6d0a86f702a34f6276347ebdf6fcc2be40295
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 49cf328b612d3b0da2fca015b3c65d22e1ca3ef1e1337dd9d1500609f6ce5897
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ca65fb3f8e70bcc92879bab7bb6d0a86f702a34f6276347ebdf6fcc2be40295
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DEF03AB1641300FAF3206765AC49FB73A9EEB05751F008465BA0CD61A2DA6A8A0482E8
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 03f55da484aaffd3fe21910d021e4148dfdd5b9ec42675d1f4e7a5ceeb183f03
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 81bc1d5286103a452d24a2c6722246be743bab11eaa6e962248841fbe2c44083
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03f55da484aaffd3fe21910d021e4148dfdd5b9ec42675d1f4e7a5ceeb183f03
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AE02B4260422020927112799CC29FF57CBCFC5753B10182FFD81C2366EE948DD193E4
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00690B23
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab0c8651a6a2d6be17ff1afc94cbb98b79ebecd2bc0740ec5d2ea3c2046ddbfb
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 98e20eb65bbf7d5deae9e07820590d7d48fd774ea98822c4afa36868b98e06e5
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab0c8651a6a2d6be17ff1afc94cbb98b79ebecd2bc0740ec5d2ea3c2046ddbfb
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78E04F322843583AD3543B94BC07FD97A8BCF05B65F10446EFB9C959C38AE268A056ED
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0064F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00650D71,?,?,?,0063100A), ref: 0064F7CE
                                                                                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0063100A), ref: 00650D75
                                                                                                                                                                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0063100A), ref: 00650D84
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00650D7F
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7d756b605c935286ea42047c39a707b24609a9a6d423259630b3986af14c0d82
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f95792aa6bc30a5def0b53ef434b3120caa33ad148038ca738accb69551b9215
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d756b605c935286ea42047c39a707b24609a9a6d423259630b3986af14c0d82
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8E06D702003418BE3609FB8E804B52BBF3EF04741F008A2DE886C6651DBB9E4488B91
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 0064E3D5
                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%p$8%p
• API String ID: 1385522511-643965948
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 006A302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 006A3044
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
Strings
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006C236C
• PostMessageW.USER32(00000000), ref: 006C2373
  • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006C232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006C233F
  • Part of subcall function 0069E97B: Sleep.KERNEL32 ref: 0069E9F3
Strings
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 27d0485336d071c785c834f50931a9cbea697d378de927f4b3d9c61e8013291b
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f092aa2d31d8191c396092296eea43bbfa7b530bf195eabc896d7c89a55b421e
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27d0485336d071c785c834f50931a9cbea697d378de927f4b3d9c61e8013291b
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83D01236794310B7E7A4B771DC0FFE67A1A9B00B24F01591AB74AEA1D0C9F5A801CB54
                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0066BE93
                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0066BEA1
                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0066BEFC
                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1881501838.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881437927.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1881831786.00000000006F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882094032.00000000006FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1882158121.0000000000704000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 34d95577b3b617b8e3f25b4d7858bb3c885f0cbd48d0a7b2aa2a7ca62fdfb667
                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5701fe99abf79964a85493bbb1c67b226b5e9820d0feb0eb6a4c47cbd2364c09
                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34d95577b3b617b8e3f25b4d7858bb3c885f0cbd48d0a7b2aa2a7ca62fdfb667
                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D041D435600246EFCF218FA5CC54AFA7BA7AF41360F14A169F959D72B1DB318D81CB60